Processed: Pending fixes for bugs in the libxml-libxml-perl package
Processing commands for cont...@bugs.debian.org: > tag 866676 + pending Bug #866676 {Done: Salvatore Bonaccorso } [src:libxml-libxml-perl] libxml-libxml-perl: CVE-2017-10672: Use-after-free in XML::LibXML::Node::replaceChild Ignoring request to alter tags of bug #866676 to the same tags previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 866676: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866676 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#866676: Pending fixes for bugs in the libxml-libxml-perl package
tag 866676 + pending thanks Some bugs in the libxml-libxml-perl package are closed in revision 852fef98034bebcb843007234f03c31d06fccc7d in branch ' stretch' by Salvatore Bonaccorso The full diff can be seen at https://anonscm.debian.org/cgit/pkg-perl/packages/libxml-libxml-perl.git/commit/?id=852fef9 Commit message: CVE-2017-10672: Use-after-free by controlling the arguments to a replaceChild call Closes: #866676
Bug#881915: libidn FTBFS with gtk-doc-tools 1.26: gtkdoc-mktmpl is no longer available
Control: tags -1 + patch On Thu, Nov 16, 2017 at 02:47:34PM +0200, Adrian Bunk wrote: > touch scan-build.stamp > gtkdoc-mktmpl --module=libidn2 > /bin/bash: gtkdoc-mktmpl: command not found > Makefile:1259: recipe for target 'tmpl-build.stamp' failed > make[6]: *** [tmpl-build.stamp] Error 127 libidn2 does not build from source. It failed to run gtkdocize. Helmut diff --minimal -Nru libidn2-2.0.4/debian/changelog libidn2-2.0.4/debian/changelog --- libidn2-2.0.4/debian/changelog 2017-09-04 14:17:51.0 +0200 +++ libidn2-2.0.4/debian/changelog 2017-11-17 22:43:07.0 +0100 @@ -1,3 +1,10 @@ +libidn2 (2.0.4-1.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Fix FTBFS: gtkdocize and add dblatex to Build-Depends. (Closes: #881915) + + -- Helmut Grohne Fri, 17 Nov 2017 22:43:07 +0100 + libidn2 (2.0.4-1) unstable; urgency=medium * Add myself to Uploaders diff --minimal -Nru libidn2-2.0.4/debian/control libidn2-2.0.4/debian/control --- libidn2-2.0.4/debian/control2017-09-04 14:17:51.0 +0200 +++ libidn2-2.0.4/debian/control2017-11-17 22:43:07.0 +0100 @@ -12,7 +12,8 @@ ruby-ronn, texinfo, texlive, - gtk-doc-tools + gtk-doc-tools, + dblatex, Standards-Version: 4.1.0 Priority: optional Homepage: https://www.gnu.org/software/libidn/#libidn2 diff --minimal -Nru libidn2-2.0.4/debian/rules libidn2-2.0.4/debian/rules --- libidn2-2.0.4/debian/rules 2017-09-04 14:17:51.0 +0200 +++ libidn2-2.0.4/debian/rules 2017-11-17 22:43:07.0 +0100 @@ -5,6 +5,11 @@ %: dh $@ --parallel --with autoreconf --fail-missing -O--dbgsym-migration="libidn2-0-dbg (<< 2.0.2-1~)" -X.la +override_dh_autoreconf: + rm -f gtk-doc.make + gtkdocize + dh_autoreconf + override_dh_auto_configure: dh_auto_configure -- \ --enable-ld-version-script \
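Review bot: in the debian/control hunk, dblatex is added to Build-Depends, but neither the changelog entry nor the mail says which build step needs it; the mail attributes the failure to gtkdocize not being run, and the quoted log only shows the missing gtkdoc-mktmpl. Suggest stating in the changelog line what requires dblatex, or dropping the addition if the build passes without it.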
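Review bot: in the debian/rules hunk, override_dh_autoreconf removes gtk-doc.make and runs gtkdocize before dh_autoreconf is called, so both changes happen ahead of dh_autoreconf and the clean target may not put the shipped gtk-doc.make back. Suggest confirming that the package builds twice in a row from the same tree, and adding a one-line comment above `rm -f gtk-doc.make` saying why the shipped copy has to be removed first.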
Processed: Re: Bug#881915: libidn FTBFS with gtk-doc-tools 1.26: gtkdoc-mktmpl is no longer available
Processing control commands: > tags -1 + patch Bug #881915 [src:libidn2] libidn FTBFS with gtk-doc-tools 1.26: gtkdoc-mktmpl is no longer available Added tag(s) patch. -- 881915: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881915 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#882052: byte-buddy: missing build dependency on libeclipse-aether-java
Source: byte-buddy Version: 1.7.2-1 Severity: serious https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/byte-buddy.html ... [INFO] [INFO] [INFO] Skipping Byte Buddy (parent) [INFO] This project has been banned from the build due to previous failures. [INFO] [INFO] [INFO] Reactor Summary: [INFO] [INFO] Byte Buddy (parent) SUCCESS [ 1.141 s] [INFO] Byte Buddy (with dependencies) . SUCCESS [01:20 min] [INFO] Byte Buddy (without dependencies) .. SUCCESS [ 4.145 s] [INFO] Byte Buddy (Maven plugin) .. FAILURE [ 0.025 s] [INFO] [INFO] BUILD FAILURE [INFO] [INFO] Total time: 01:26 min [INFO] Finished at: 2018-12-20T16:58:06-12:00 [INFO] Final Memory: 42M/1586M [INFO] [ERROR] Failed to execute goal on project byte-buddy-maven-plugin: Could not resolve dependencies for project net.bytebuddy:byte-buddy-maven-plugin:maven-plugin:1.7.2: The following artifacts could not be resolved: org.eclipse.aether:aether-api:jar:debian, org.eclipse.aether:aether-util:jar:debian: Cannot access central (https://repo.maven.apache.org/maven2) in offline mode and the artifact org.eclipse.aether:aether-api:jar:debian has not been downloaded from it before. -> [Help 1] [ERROR] [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. [ERROR] Re-run Maven using the -X switch to enable full debug logging. 
[ERROR] [ERROR] For more information about the errors and possible solutions, please read the following articles: [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException [ERROR] [ERROR] After correcting the problems, you can resume the build with the command [ERROR] mvn -rf :byte-buddy-maven-plugin dh_auto_build: /usr/lib/jvm/default-java/bin/java -noverify -cp /usr/share/maven/boot/plexus-classworlds-2.x.jar:/usr/lib/jvm/default-java/lib/tools.jar -Dmaven.home=/usr/share/maven -Dmaven.multiModuleProjectDirectory=/build/1st/byte-buddy-1.7.2 -Dclassworlds.conf=/etc/maven/m2-debian.conf -Dproperties.file.manual=/build/1st/byte-buddy-1.7.2/debian/maven.properties org.codehaus.plexus.classworlds.launcher.Launcher -s/etc/maven/settings-debian.xml -Ddebian.dir=/build/1st/byte-buddy-1.7.2/debian -Dmaven.repo.local=/build/1st/byte-buddy-1.7.2/debian/maven-repo --batch-mode package javadoc:jar javadoc:aggregate -DskipTests -Dnotimestamp=true -Dlocale=en_US returned exit code 1 debian/rules:4: recipe for target 'build' failed make: *** [build] Error 2
Bug#874708: anthy (EUCJP->UTF-8) and *-anthy packages
On Wed, Nov 15, 2017 at 10:20:31PM +0200, Adrian Bunk wrote:
>...
> It might be enough to just close this bug - this bug is currently the
> main blocker for the testing migration.

An update on the situation:

The problem is now that gcin/hime/uim that are part of the anthy transition are also part of a Qt transition that is blocked by problems in mariadb.

From an anthy point of view that means just wait until this has been sorted out.

cu
Adrian

--
"Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
Bug#882055: Gedit breaks when writing to a file
Package: gedit
Version: 3.22.0-2 (also 3.14 and 3.18)
Severity: grave

(reproduced with amd64 architecture, Gnome desktop)

Problem occurs on 30% of tries

1. Open an existing file with Gedit
2. Modify something
3. Save (i.e. pressing Ctrl+S)

Results:
- Gedit breaks with message: GLib-GIO:ERROR:/build/glib2.0-B1uXKV/glib2.0-2.50.3/./gio/glocalfilemonitor.c:433:g_file_monitor_source_handle_event: code should not be reached
- Text file is truncated to 0 bytes. No backup. Unrecoverable content.

--
__
I'm using this express-made address because personal addresses aren't masked enough at this mail public archive. Public archive administrator should fix this against automated addresses collectors.
Bug#878270: marked as done (This NMU of anthy is not good enough)
Your message dated Sat, 18 Nov 2017 11:18:13 +0200 with message-id <20171118091813.kf7umtdwes45od6g@localhost> and subject line The 1:0.3-5.1 NMU never entered unstable has caused the Debian Bug report #878270, regarding This NMU of anthy is not good enough to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
878270: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878270
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: anthy
Severity: grave
Version: 1:0.3-5.1

In short, my NMU was bad. I need to upload new version based on 1:0.3-5. (Maybe with typo fix.)

Although NMU tries to accommodate slow library migration, it doesn't reach its goal. This is due to binary packages anthy and anthy-common aren't versioned.

It is too much and fixing ibus-anthy and letting it migrate together is better.

-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- debconf information excluded
--- End Message ---

--- Begin Message ---
The 1:0.3-5.1 NMU never entered unstable, closing this bug.

cu
Adrian

--
"Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
--- End Message ---
Bug#881881: marked as done (libtrilinos-kokkos-kernels-dev: fails to upgrade from 'testing' - trying to overwrite /usr/include/trilinos/Kokkos_ArithTraits.hpp)
Your message dated Sat, 18 Nov 2017 09:19:57 + with message-id and subject line Bug#881881: fixed in trilinos 12.12.1-2 has caused the Debian Bug report #881881, regarding libtrilinos-kokkos-kernels-dev: fails to upgrade from 'testing' - trying to overwrite /usr/include/trilinos/Kokkos_ArithTraits.hpp to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
881881: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881881
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: libtrilinos-kokkos-kernels-dev
Version: 12.12.1-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from 'testing'. It installed fine in 'testing', then the upgrade to 'sid' fails because it tries to overwrite other packages files without declaring a Breaks+Replaces relation.

See policy 7.6 at https://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces

From the attached log (scroll to the bottom...):

Selecting previously unselected package libtrilinos-kokkos-kernels-dev:amd64.
Preparing to unpack .../libtrilinos-kokkos-kernels-dev_12.12.1-1_amd64.deb ...
Unpacking libtrilinos-kokkos-kernels-dev:amd64 (12.12.1-1) ...
dpkg: error processing archive /var/cache/apt/archives/libtrilinos-kokkos-kernels-dev_12.12.1-1_amd64.deb (--unpack): trying to overwrite '/usr/include/trilinos/Kokkos_ArithTraits.hpp', which is also in package libtrilinos-tpetra-dev 12.10.1-4+b1 dpkg-deb: error: paste subprocess was killed by signal (Broken pipe) Errors were encountered while processing: /var/cache/apt/archives/libtrilinos-kokkos-kernels-dev_12.12.1-1_amd64.deb cheers, Andreas libtrilinos-tpetra-dev=12.10.1-4+b1_libtrilinos-kokkos-kernels-dev=12.12.1-1.log.gz Description: application/gzip --- End Message --- --- Begin Message --- Source: trilinos Source-Version: 12.12.1-2 We believe that the bug you reported is fixed in the latest version of trilinos, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 881...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Nico Schlömer (supplier of updated trilinos package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 17 Nov 2017 14:48:55 +0100 Source: trilinos Binary: trilinos-all-dev trilinos-dev libtrilinos-amesos12 libtrilinos-amesos-dev libtrilinos-amesos2-12 libtrilinos-amesos2-dev libtrilinos-anasazi12 libtrilinos-anasazi-dev libtrilinos-aztecoo12 libtrilinos-aztecoo-dev libtrilinos-belos12 libtrilinos-belos-dev libtrilinos-epetra12 libtrilinos-epetra-dev libtrilinos-epetraext12 libtrilinos-epetraext-dev libtrilinos-galeri12 libtrilinos-galeri-dev libtrilinos-globipack12 libtrilinos-globipack-dev libtrilinos-ifpack12 libtrilinos-ifpack-dev libtrilinos-ifpack2-12 libtrilinos-ifpack2-dev libtrilinos-intrepid12 libtrilinos-intrepid-dev libtrilinos-isorropia12 libtrilinos-isorropia-dev libtrilinos-kokkos12 libtrilinos-kokkos-dev libtrilinos-kokkos-kernels12 libtrilinos-kokkos-kernels-dev libtrilinos-komplex12 libtrilinos-komplex-dev libtrilinos-ml12 libtrilinos-ml-dev libtrilinos-moertel12 libtrilinos-moertel-dev libtrilinos-muelu12 libtrilinos-muelu-dev libtrilinos-nox12 libtrilinos-nox-dev libtrilinos-optipack12 libtrilinos-optipack-dev libtrilinos-pamgen12 libtrilinos-pamgen-dev libtrilinos-phalanx12 libtrilinos-phalanx-dev libtrilinos-pike12 libtrilinos-pike-dev libtrilinos-piro12 libtrilinos-piro-dev libtrilinos-pliris12 libtrilinos-pliris-dev libtrilinos-rol12 libtrilinos-rol-dev libtrilinos-rtop12 libtrilinos-rtop-dev libtrilinos-rythmos12 libtrilinos-rythmos-dev libtrilinos-sacado12 libtrilinos-sacado-dev libtrilinos-shards12 libtrilinos-shards-dev libtrilinos-shylu12 libtrilinos-shylu-dev libtrilinos-trilinosss12 libtrilinos-trilinosss-dev libtrilinos-stokhos12 libtrilinos-stokhos-dev libtrilinos-stratimikos12 libtrilinos-stratimikos-dev libtrilinos-teko12 
libtrilinos-teko-dev libtrilinos-teuchos12 libtrilinos-teuchos-dev libtrilinos-thyra12 libtrilinos-thyra-dev libtrilinos-tpetra12 libtrilinos-tpetra-dev libtrilinos-trilinoscouplings12
Bug#880339: marked as done (golang-github-pingcap-check: FTBFS: dh_auto_test: cd obj-x86_64-linux-gnu && go test -v -p 16 github.com/pingcap/check returned exit code 1)
Your message dated Sat, 18 Nov 2017 09:19:08 + with message-id and subject line Bug#880339: fixed in golang-github-pingcap-check 0.0~git20170902.0.4c65d06-2 has caused the Debian Bug report #880339, regarding golang-github-pingcap-check: FTBFS: dh_auto_test: cd obj-x86_64-linux-gnu && go test -v -p 16 github.com/pingcap/check returned exit code 1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 880339: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880339 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: golang-github-pingcap-check Version: 0.0~git20170902.0.4c65d06-1 Severity: serious Tags: buster sid User: debian...@lists.debian.org Usertags: qa-ftbfs-20171030 qa-ftbfs Justification: FTBFS on amd64 Hi, During a rebuild of all packages in sid, your package failed to build on amd64. 
Relevant part (hopefully): > debian/rules build > dh build --buildsystem=golang --with=golang >dh_update_autotools_config -O--buildsystem=golang >dh_autoreconf -O--buildsystem=golang >dh_auto_configure -O--buildsystem=golang >dh_auto_build -O--buildsystem=golang > cd obj-x86_64-linux-gnu && go install > -gcflags=\"-trimpath=/<>/golang-github-pingcap-check-0.0\~git20170902.0.4c65d06/obj-x86_64-linux-gnu/src\" > > -asmflags=\"-trimpath=/<>/golang-github-pingcap-check-0.0\~git20170902.0.4c65d06/obj-x86_64-linux-gnu/src\" > -v -p 16 github.com/pingcap/check > github.com/pingcap/check >dh_auto_test -O--buildsystem=golang > cd obj-x86_64-linux-gnu && go test -v -p 16 github.com/pingcap/check > === RUN Test > > -- > FAIL: benchmark_test.go:40: BenchmarkS.TestBenchmark > > benchmark_test.go:60: > c.Assert(output.value, Matches, expected) > ... value string = "PASS: check_test.go:144: FixtureHelper.Benchmark1\t > 50\t223353 ns/op\n" > ... regex string = "PASS: check_test\\.go:[0-9]+: > FixtureHelper\\.Benchmark1\t *100\t *[12][0-9]{5} ns/op\n" > > > -- > FAIL: benchmark_test.go:63: BenchmarkS.TestBenchmarkBytes > > benchmark_test.go:75: > c.Assert(output.value, Matches, expected) > ... value string = "PASS: check_test.go:151: FixtureHelper.Benchmark2\t > 50\t226049 ns/op\t 4.53 MB/s\n" > ... regex string = "PASS: check_test\\.go:[0-9]+: > FixtureHelper\\.Benchmark2\t *100\t *[12][0-9]{5} ns/op\t *[4-9]\\.[0-9]{2} > MB/s\n" > > > -- > FAIL: benchmark_test.go:78: BenchmarkS.TestBenchmarkMem > > benchmark_test.go:91: > c.Assert(output.value, Matches, expected) > ... value string = "PASS: check_test.go:159: FixtureHelper.Benchmark3\t > 50\t226753 ns/op\t 89 B/op\t 1 allocs/op\n" > ... 
regex string = "PASS: check_test\\.go:[0-9]+: > FixtureHelper\\.Benchmark3\t *100\t *[12][0-9]{5} ns/op\t *[0-9]+ B/op\t > *[1-9] allocs/op\n" > > OOPS: 127 passed, 3 FAILED > --- FAIL: Test (0.13s) > FAIL > exit status 1 > FAIL github.com/pingcap/check0.133s > dh_auto_test: cd obj-x86_64-linux-gnu && go test -v -p 16 > github.com/pingcap/check returned exit code 1 The full build log is available from: http://aws-logs.debian.net/2017/10/30/golang-github-pingcap-check_0.0~git20170902.0.4c65d06-1_unstable.log A list of current common problems and possible solutions is available at http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute! About the archive rebuild: The rebuild was done on EC2 VM instances from Amazon Web Services, using a clean, minimal and up-to-date chroot. Every failed build was retried once to eliminate random failures. --- End Message --- --- Begin Message --- Source: golang-github-pingcap-check Source-Version: 0.0~git20170902.0.4c65d06-2 We believe that the bug you reported is fixed in the latest version of golang-github-pingcap-check, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 880...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Lustfield (supplier of updated golang-github-pingcap-check package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-m
Bug#881857: add CVE
"Cantor, Scott" writes: > On 11/17/17, 11:48 AM, "Pkg-shibboleth-devel on behalf of Ferenc Wágner" > behalf of wf...@niif.hu> wrote: > >> Now, this is still ongoing: >> https://release.debian.org/transitions/html/auto-xerces-c.html >> The upstream fixes for this issue appeared as new patch level releases >> for XMLTooling (1.6.2), OpenSAML (2.6.1) and the SP (2.6.1). Shall I >> wait for the transition to finish before uploading them? > > Sorry if I'm misinterpreting, but is this a source level issue or just > a question of ABI/build decision? SP 2.6.0/etc. definitely should > build against Xerces 3.2, and probably many older SP versions would > also. But if you're just referring to what they were built with in > Debian packaging cases to date, disregard. There are no known source-level problems here, it's just that Xerces 3.2 recently replaced 3.1 in Debian unstable, and now all packages using Xerces are being rebuilt for the new ABI. Any errors you see there should be gone once the necessary rebuilds are triggered in the proper order. I checked manually that XMLTooling 1.6 in unstable now already builds with Xerces 3.2 without any changes. But uploading new versions can be disruptive during such periods, that's why I asked the security team about the best course of action. -- Regards, Feri
Bug#881496: [Pkg-privacy-maintainers] Bug#881496: onioncircuits: current python3/testing breaks onioncircuits
Hi Mykola,

thanks for letting us know about the issue.

> --8<---cut here---start->8---
> $ onioncircuits
> Traceback (most recent call last):
>   File "/usr/bin/onioncircuits", line 31, in <module>
>     import stem.connection
>   File "/usr/lib/python3/dist-packages/stem/connection.py", line 134, in <module>
>     import stem.control
>   File "/usr/lib/python3/dist-packages/stem/control.py", line 265, in <module>
>     import stem.descriptor.microdescriptor
>   File "/usr/lib/python3/dist-packages/stem/descriptor/__init__.py", line 55, in <module>
>     import stem.util.system
>   File "/usr/lib/python3/dist-packages/stem/util/system.py", line 68, in <module>
>     import ctypes
>   File "/usr/lib/python3.6/ctypes/__init__.py", line 7, in <module>
>     from _ctypes import Union, Structure, Array
> ImportError: /usr/lib/python3.6/lib-dynload/_ctypes.cpython-36m-x86_64-linux-gnu.so: failed to map segment from shared object
> --8<---cut here---end--->8---

Unfortunately I am unable to reproduce this on a fresh testing amd64 Vagrant box with the same versions of python3 and stem that you are using:

vagrant@testing:~$ apt show python3 python3-stem | grep Vers
[...]
Version: 3.6.3-2
Version: 1.6.0-1

Onioncircuits (0.5-1) starts up fine and displays correct data. All I did to set up my testing environment was installing onioncircuits, tor and then adding the Vagrant user to the debian-tor group (so onioncircuits would work as user).

Some googling for the "failed to map segment from shared object" message seems to suggest some issue with missing filesystem execute permissions, but given that it's /usr/lib we're looking at here and downgrading to another python3 version fixes the problem, it's unlikely that's the cause.

Can anyone else in the team reproduce this issue or probably comment?

Cheers
Sascha

signature.asc
Description: OpenPGP digital signature
Bug#882059: python-ibus package is missing in testing repository
Package: python-ibus
Version: 1.5.1.is.1.4.2-1~bpo70+1
Severity: grave
Tags: l10n
Justification: renders package unusable

-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.13.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages python-ibus depends on:
ii  iso-codes    3.76-1
ii  python       2.7.14-1
ii  python-dbus  1.2.4-1+b4
ii  python-gtk2  2.24.0-5.1

python-ibus recommends no packages.

python-ibus suggests no packages.

-- no debconf information

The package python-ibus is missing from the testing repository. The latest python-ibus package available is in wheezy-backports. I am using Debian testing (buster), so python-ibus is not available to me. This causes ibus-tegaki to fail which prevents me from launching the tegaki Japanese/Chinese handwriting IME via the ibus hotkeys and tray icon.

According to the tegaki developers, python-ibus is a dependency for ibus-tegaki, even though the maintainer of the ibus-tegaki Debian package never included python-ibus as a dependency. In the past I have been able to get ibus-tegaki to work by installing python-ibus, but that is not possible now. I tried installing the version of python-ibus available in wheezy-backports, but it does not work, presumably because it was compiled for wheezy and not for the current testing version (buster).

I request that the python-ibus package be made available in the current Debian repositories since it is required for ibus-tegaki and possibly other packages to function. Thank you.
Bug#882055: Gedit breaks when writing to a file
Nautilus seems to break at the same time.

The circumstance can be that the files to write have r+w permission for everybody, but aren't owned by the current user (i.e.: root:users)

--
__
I'm using this express-made address because personal addresses aren't masked enough at this mail public archive. Public archive administrator should fix this against automated addresses collectors.
Processed: Merge duplicates
Processing commands for cont...@bugs.debian.org: > reassign 882011 src:python-cryptography Bug #882011 [python-cryptography] python-cryptography: no longer depends on cffi-backend, offlineimap fails to start Bug reassigned from package 'python-cryptography' to 'src:python-cryptography'. No longer marked as found in versions python-cryptography/2.1.3-1. Ignoring request to alter fixed versions of bug #882011 to the same values previously set > forcemerge 882016 882011 Bug #882016 [src:python-cryptography] python{,3}-cryptography lost dependencies Bug #882011 [src:python-cryptography] python-cryptography: no longer depends on cffi-backend, offlineimap fails to start Severity set to 'serious' from 'grave' Added indication that 882011 affects python-cryptography,python3-cryptography Marked as found in versions python-cryptography/2.1.3-1. Merged 882011 882016 > retitle 882011 python{,3}-cryptography lost required dependencies Bug #882011 [src:python-cryptography] python-cryptography: no longer depends on cffi-backend, offlineimap fails to start Bug #882016 [src:python-cryptography] python{,3}-cryptography lost dependencies Changed Bug title to 'python{,3}-cryptography lost required dependencies' from 'python-cryptography: no longer depends on cffi-backend, offlineimap fails to start'. Changed Bug title to 'python{,3}-cryptography lost required dependencies' from 'python{,3}-cryptography lost dependencies'. > thanks Stopping processing here. Please contact me if you need assistance. -- 882011: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882011 882016: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882016 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: tagging 882011
Processing commands for cont...@bugs.debian.org: > tags 882011 + pending Bug #882011 [src:python-cryptography] python{,3}-cryptography lost required dependencies Bug #882016 [src:python-cryptography] python{,3}-cryptography lost required dependencies Added tag(s) pending. Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 882011: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882011 882016: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882016 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#881496: [Pkg-privacy-maintainers] Bug#881496: Bug#881496: onioncircuits: current python3/testing breaks onioncircuits
Sascha Steinbiss: > Can anyone else in the team reproduce this issue or probably comment? I can't reproduce this on current sid.
Processed: Bug#882011 marked as pending
Processing commands for cont...@bugs.debian.org: > tag 882011 pending Bug #882011 [src:python-cryptography] python{,3}-cryptography lost required dependencies Bug #882016 [src:python-cryptography] python{,3}-cryptography lost required dependencies Ignoring request to alter tags of bug #882011 to the same tags previously set Ignoring request to alter tags of bug #882016 to the same tags previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 882011: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882011 882016: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882016 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#882011: marked as pending
tag 882011 pending thanks Hello, Bug #882011 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: https://anonscm.debian.org/cgit/python-modules/packages/python-cryptography.git/commit/?id=ce4d74e --- commit ce4d74e24857f4bc9724657522e879d8327c5742 Author: Tristan Seligmann Date: Sat Nov 18 13:04:34 2017 +0200 Work around lack of environment marker support in dh_python by explicitly listing dependencies. diff --git a/debian/changelog b/debian/changelog index cc9159b..bb6de2a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +python-cryptography (2.1.3-2) unstable; urgency=medium + + * Work around lack of environment marker support in dh_python by +explicitly listing dependencies (closes: #882011). + + -- Tristan Seligmann Sat, 18 Nov 2017 13:16:11 +0200 + python-cryptography (2.1.3-1) unstable; urgency=medium * New upstream release (closes: #874456).
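Review bot: the debian/changelog entry, the only hunk quoted here, says dependencies are now listed explicitly but does not name them. Suggest naming the packages in that line (the bug reports in this thread point at cffi-backend and enum34) so the changelog records what was restored; the debian/control change that actually adds them is not part of the visible diff, so it cannot be checked from this mail.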
Processed: same thing for python-enum34
Processing control commands: > retitle -1 python-cryptography: no longer depends on cffi-backend and enum, > programs fail to start Bug #882011 [src:python-cryptography] python{,3}-cryptography lost required dependencies Bug #882016 [src:python-cryptography] python{,3}-cryptography lost required dependencies Changed Bug title to 'python-cryptography: no longer depends on cffi-backend and enum, programs fail to start' from 'python{,3}-cryptography lost required dependencies'. Changed Bug title to 'python-cryptography: no longer depends on cffi-backend and enum, programs fail to start' from 'python{,3}-cryptography lost required dependencies'. -- 882011: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882011 882016: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882016 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#882011: same thing for python-enum34
Control: retitle -1 python-cryptography: no longer depends on cffi-backend and enum, programs fail to start

The same is happening with obnam and python-enum34:

riccio@hactar:~$ obnam generations
Traceback (most recent call last):
  File "/usr/bin/obnam", line 18, in <module>
    import obnamlib
  File "/usr/lib/python2.7/dist-packages/obnamlib/__init__.py", line 91, in <module>
    from .app import App, ObnamIOError, ObnamSystemError
  File "/usr/lib/python2.7/dist-packages/obnamlib/app.py", line 25, in <module>
    import paramiko
  File "/usr/lib/python2.7/dist-packages/paramiko/__init__.py", line 30, in <module>
    from paramiko.transport import SecurityOptions, Transport
  File "/usr/lib/python2.7/dist-packages/paramiko/transport.py", line 33, in <module>
    from cryptography.hazmat.primitives.ciphers import algorithms, Cipher, modes
  File "/usr/lib/python2.7/dist-packages/cryptography/hazmat/primitives/ciphers/__init__.py", line 7, in <module>
    from cryptography.hazmat.primitives.ciphers.base import (
  File "/usr/lib/python2.7/dist-packages/cryptography/hazmat/primitives/ciphers/base.py", line 12, in <module>
    from cryptography.exceptions import (
  File "/usr/lib/python2.7/dist-packages/cryptography/exceptions.py", line 7, in <module>
    from enum import Enum
ImportError: No module named enum

Thanks,
Riccardo
Bug#882011: marked as done (python-cryptography: no longer depends on cffi-backend and enum, programs fail to start)
Your message dated Sat, 18 Nov 2017 11:34:36 + with message-id and subject line Bug#882011: fixed in python-cryptography 2.1.3-2 has caused the Debian Bug report #882011, regarding python-cryptography: no longer depends on cffi-backend and enum, programs fail to start to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 882011: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882011 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: python-cryptography Version: 2.1.3-1 Severity: grave Justification: renders package unusable (I think, please drop severity if not) I use offlineimap with python-keyring, retrieving my IMAP password from gnome-keyring. This uses python-secretstorage and python-cryptography behind the scenes. I recently upgraded python[3]-cryptography from 1.9-1 to 2.1.3-1. During this transaction, the python[3]-cffi-backend packages were removed as "no longer used". This causes a previously-working offlineimap configuration to fail: ERROR: While attempting to sync account '' No module named _cffi_backend ... 
File "", line 1, in File "/usr/lib/python2.7/dist-packages/keyring/core.py", line 41, in get_password return _keyring_backend.get_password(service_name, username) File "/usr/lib/python2.7/dist-packages/keyring/backends/SecretService.py", line 65, in get_password return item.get_secret().decode('utf-8') File "/usr/lib/python2.7/dist-packages/secretstorage/item.py", line 102, in get_secret decryptor = Cipher(aes, modes.CBC(aes_iv), default_backend()).decryptor() File "/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/__init__.py", line 15, in default_backend from cryptography.hazmat.backends.openssl.backend import backend File "/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/__init__.py", line 7, in from cryptography.hazmat.backends.openssl.backend import backend File "/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.py", line 16, in from cryptography import utils, x509 File "/usr/lib/python2.7/dist-packages/cryptography/x509/__init__.py", line 8, in from cryptography.x509.base import ( File "/usr/lib/python2.7/dist-packages/cryptography/x509/base.py", line 16, in from cryptography.x509.extensions import Extension, ExtensionType File "/usr/lib/python2.7/dist-packages/cryptography/x509/extensions.py", line 18, in from cryptography.hazmat.primitives import constant_time, serialization File "/usr/lib/python2.7/dist-packages/cryptography/hazmat/primitives/constant_time.py", line 9, in from cryptography.hazmat.bindings._constant_time import lib I've set a release-critical severity to block testing migration, on the assumption that this breaks all other uses of python-cryptography. If that isn't true, please drop the severity. 
Regards, smcv -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages python-cryptography depends on: ii libc6 2.24-17 ii libssl1.1 1.1.0g-2 ii python 2.7.14-1 ii python-asn1crypto 0.22.0-1 ii python-idna2.5-1 ii python-six 1.11.0-1 python-cryptography recommends no packages. Versions of packages python-cryptography suggests: pn python-cryptography-doc pn python-cryptography-vectors -- no debconf information --- End Message --- --- Begin Message --- Source: python-cryptography Source-Version: 2.1.3-2 We believe that the bug you reported is fixed in the latest version of python-cryptography, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 882...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Tristan Seligmann (supplier of updated python-cryptography package) (This message was generated automatically at their request; if you believe that
Bug#882016: marked as done (python-cryptography: no longer depends on cffi-backend and enum, programs fail to start)
Your message dated Sat, 18 Nov 2017 11:34:36 + with message-id and subject line Bug#882011: fixed in python-cryptography 2.1.3-2 has caused the Debian Bug report #882011, regarding python-cryptography: no longer depends on cffi-backend and enum, programs fail to start to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 882011: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882011 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: python-cryptography Version: 2.1.3-1 Severity: serious Control: affects -1 python-cryptography python3-cryptography Looking at the changelog, it doesn't seem to be intentional that python{,3}-cryptography lost their cffi dependencies as well as some other dependencies. --- End Message --- --- Begin Message --- Source: python-cryptography Source-Version: 2.1.3-2 We believe that the bug you reported is fixed in the latest version of python-cryptography, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 882...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Tristan Seligmann (supplier of updated python-cryptography package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 18 Nov 2017 13:16:11 +0200 Source: python-cryptography Binary: python-cryptography python3-cryptography python-cryptography-doc Architecture: source Version: 2.1.3-2 Distribution: unstable Urgency: medium Maintainer: Tristan Seligmann Changed-By: Tristan Seligmann Description: python-cryptography - Python library exposing cryptographic recipes and primitives (Pyt python-cryptography-doc - Python library exposing cryptographic recipes and primitives (doc python3-cryptography - Python library exposing cryptographic recipes and primitives (Pyt Closes: 882011 Changes: python-cryptography (2.1.3-2) unstable; urgency=medium . * Work around lack of environment marker support in dh_python by explicitly listing dependencies (closes: #882011). 
--- End Message ---
Bug#882011: same thing for python-enum34
Uops, sorry, I have just seen you already retitled/fixed the bug... I'm sorry for the noise. Riccardo
Bug#859551: marked as done (pgbouncer: Please migrate to openssl1.1 in buster)
Your message dated Sat, 18 Nov 2017 11:50:33 + with message-id and subject line Bug#859551: fixed in pgbouncer 1.7.2-65-g2b8e6cf-1 has caused the Debian Bug report #859551, regarding pgbouncer: Please migrate to openssl1.1 in buster to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 859551: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859551 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: pgbouncer Version: 1.7.2-1 Severity: important Control: block 827061 by -1 Hi, OpenSSL 1.1.0 is about to be released. During a rebuild of all packages using OpenSSL this package fails to build. A log of that build can be found at: https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/pgbouncer_1.7.2-1_amd64-20160529-1506 On https://wiki.openssl.org/index.php/1.1_API_Changes you can see various of the reasons why it might fail. There are also updated man pages at https://www.openssl.org/docs/manmaster/ that should contain useful information. There is a libssl-dev package available in experimental that contains a recent snapshot, I suggest you try building against that to see if everything works. If you have problems making things work, feel free to contact us. Kurt --- End Message --- --- Begin Message --- Source: pgbouncer Source-Version: 1.7.2-65-g2b8e6cf-1 We believe that the bug you reported is fixed in the latest version of pgbouncer, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed.
If you have further comments please address them to 859...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Christoph Berg (supplier of updated pgbouncer package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 17 Nov 2017 18:38:18 +0100 Source: pgbouncer Binary: pgbouncer Architecture: source Version: 1.7.2-65-g2b8e6cf-1 Distribution: unstable Urgency: medium Maintainer: Debian PostgreSQL Maintainers Changed-By: Christoph Berg Description: pgbouncer - lightweight connection pooler for PostgreSQL Closes: 859551 Changes: pgbouncer (1.7.2-65-g2b8e6cf-1) unstable; urgency=medium . * New upstream snapshot, supports openssl 1.1. Closes: #859551.
Bug#881149: htslib FTBFS: test failures on i386
Another FWIW, building on i386 with -O1 instead of -O2 and dropping -fno-strict-aliasing is successful. Where can one find the differences between -O1 and -O2 in GCC 7? What changed between GCC 6 and 7 would be useful too. --- a/debian/rules +++ b/debian/rules @@ -7,7 +7,10 @@ include /usr/share/dpkg/default.mk -export DEB_CFLAGS_MAINT_APPEND = -fno-strict-aliasing +ifneq (,$(filter $(DEB_HOST_ARCH),i386)) + export DEB_CFLAGS_MAINT_STRIP=-O2 + export DEB_CFLAGS_MAINT_APPEND=-O1 +endif %: dh $@
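Review bot: the line removing "export DEB_CFLAGS_MAINT_APPEND = -fno-strict-aliasing" is outside the new ifneq block, so every architecture loses that flag, while the -O2 to -O1 substitution is limited to i386 and the message reports a successful build only for i386. Either keep -fno-strict-aliasing for the other architectures or say that dropping it everywhere is intended. The conditional should also carry a comment citing #881149, because lowering the optimisation level hides the test failures without identifying their cause and needs to be revisited once the difference under GCC 7 is understood.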
Bug#784449: Porting AcetoneISO to Qt5
AcetoneISO can be ported to Qt5 by simply executing the following commands inside the source code:

sed -i 's/QtGui/QtWidgets/' sources/*
sed -i 's/getInteger/getInt/' sources/*
sed -i 's/WFlags/WindowFlags/' sources/*
sed -i 's/webkit/webkitwidgets/' acetoneiso.pro
sed -i 's/TARGET = /TARGET = acetoneiso/' acetoneiso.pro
sed -i 's/QT += phonon/LIBS += -lphonon4qt5/' acetoneiso.pro
sed -i 's@INCLUDEPATH.*$@& /usr/include/phonon4qt5/KDE@' acetoneiso.pro
Bug#881857: add CVE
Hi

On Fri, Nov 17, 2017 at 05:43:54PM +0100, Ferenc Wágner wrote:
> Salvatore Bonaccorso writes:
>
> > Thanks, need to check why my mail for 881857 did not went trough
> > (since I retitled both with the CVE assignments).
>
> I think you used the same bug number in both.

Oh wow, that's sort of highly embarrassing. Apologies about that :(

> Now, this is still ongoing:
> https://release.debian.org/transitions/html/auto-xerces-c.html
> The upstream fixes for this issue appeared as new patch level releases
> for XMLTooling (1.6.2), OpenSAML (2.6.1) and the SP (2.6.1). Shall I
> wait for the transition to finish before uploading them?

It's honestly not something I can advise with the security team hat on. But since the transition is ongoing it's probably best to wait until the transition has happened. But alternatively ask the release team if it's fine to upload a targeted fix with urgency=high and do a new upstream import possibly just later to avoid blocking the transition in case some problems arise with the new upstream imported versions. Please do not take above with care, best is to have import from release team to not block their work on transition.

Regards,
Salvatore
Bug#866676: Pending fixes for bugs in the libxml-libxml-perl package
tag 866676 + pending thanks Some bugs in the libxml-libxml-perl package are closed in revision e8045d7ace37ba952f0fa3cc8ca6281a9d20b8a5 in branch ' jessie-security' by Salvatore Bonaccorso The full diff can be seen at https://anonscm.debian.org/cgit/pkg-perl/packages/libxml-libxml-perl.git/commit/?id=e8045d7 Commit message: CVE-2017-10672: Use-after-free by controlling the arguments to a replaceChild call Closes: #866676
Processed: Pending fixes for bugs in the libxml-libxml-perl package
Processing commands for cont...@bugs.debian.org: > tag 866676 + pending Bug #866676 {Done: Salvatore Bonaccorso } [src:libxml-libxml-perl] libxml-libxml-perl: CVE-2017-10672: Use-after-free in XML::LibXML::Node::replaceChild Ignoring request to alter tags of bug #866676 to the same tags previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 866676: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866676 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#824827: mixmaster: hold on..
Package: mixmaster
Version: 3.0.0-8.1
Followup-For: Bug #824827

Dear Maintainer,

> The bug reporter is incorrect about the status of mixmaster, it's
> not designed to use 4k keys so it is hardly surprising that it fails
> when you try to use them.

You continue to misunderstand the bug report. This is not a feature request for 4k key support. The bug is that mixmaster selects incompatible (4k key) remailers for the chain, it means 4k keys are /partially/ supported (a very bad idea). In order to function, the support must be entirely one way or the other. These two bugs still remain:

bug 1: mixmaster autonomously chooses to use a (so-called) unsupported chain. If 4k keys are not supported, the tool shouldn't attempt to chain through unusable nodes in the first place.

bug 2: the error message "encryption failed" is absurdly vague. In the absence of a fix for bug 1, the tool should say something meaningful like: "cannot route through dizum because its keys are too large"

> The project is effectively dead upstream and has been for some time.
> This is mostly because it is no longer secure. It is for this reason
> that I recommend its removal.

A stale upstream project is not necessarily a reason to remove a downstream project (an upstream project may be sufficiently stable). However, persistence of the above-mentioned defects is good cause for removal.
Bug#881445: marked as pending
tag 881445 pending thanks Hello, Bug #881445 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: https://anonscm.debian.org/cgit/pkg-ruby-extras/ruby-ox.git/commit/?id=e4020d4 --- commit e4020d4e4c45e863e36894751b771f2c17a4cdeb Author: Cédric Boutillier Date: Thu Nov 16 23:59:28 2017 +0100 prepare changelog diff --git a/debian/changelog b/debian/changelog index bf15abb..9e6868c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,17 @@ +ruby-ox (2.8.2-1) unstable; urgency=medium + + * New upstream version 2.8.2 ++ fix CVE-2017-15928: segmentation fault in parse_obj + (Closes: #881445) + * Remove version in the gem2deb build-dependency + * Use https:// in Vcs-* fields + * Run wrap-and-sort on packaging files + * Bump Standards-Version to 4.1.1 (no changes needed) + * Bump debhelper compatibility level to 10 + * Refresh 000-fix-so-load-path.patch + + -- Cédric Boutillier Sat, 18 Nov 2017 15:04:44 +0100 + ruby-ox (2.1.1-2) unstable; urgency=medium * Team upload.
Processed: Bug#881445 marked as pending
Processing commands for cont...@bugs.debian.org: > tag 881445 pending Bug #881445 [src:ruby-ox] ruby-ox: CVE-2017-15928: Segmentation fault in the parse_obj Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 881445: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881445 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#824827: mixmaster: hold on..
On 18/11/17 14:04, Nomen Nescio wrote:
> You continue to misunderstand the bug report. This is not a feature
> request for 4k key support.

I know that. What you fail to realise is that the mixmaster *specification* makes no mention of 4k keys!
Bug#881630: vdr-plugin-xineliboutput: FTBFS with multiarchified xine-lib-1.2 >= 1.2.6-2
works :) thanks...
Bug#881445: marked as done (ruby-ox: CVE-2017-15928: Segmentation fault in the parse_obj)
Your message dated Sat, 18 Nov 2017 15:06:17 + with message-id and subject line Bug#881445: fixed in ruby-ox 2.8.2-1 has caused the Debian Bug report #881445, regarding ruby-ox: CVE-2017-15928: Segmentation fault in the parse_obj to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 881445: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881445 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: ruby-ox Version: 2.1.1-2 Severity: grave Tags: security upstream Forwarded: https://github.com/ohler55/ox/issues/194 Hi, the following vulnerability was published for ruby-ox. Rationale for RC severity: think the issue warrants to be addressed for the next stable release. The issue itself possibly though does not warrant a DSA on its own for stretch and jessie. CVE-2017-15928[0]: | In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation | fault when a crafted input is supplied to parse_obj. NOTE: the vendor | has stated "Ox should handle the error more gracefully" but has not | confirmed a security implication. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-15928 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15928 [1] https://github.com/ohler55/ox/issues/194 [2] https://github.com/ohler55/ox/commit/e4565dbc167f0d38c3f93243d7a4fcfc391cbfc8 Regards, Salvatore --- End Message --- --- Begin Message --- Source: ruby-ox Source-Version: 2.8.2-1 We believe that the bug you reported is fixed in the latest version of ruby-ox, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 881...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Cédric Boutillier (supplier of updated ruby-ox package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 18 Nov 2017 15:04:44 +0100 Source: ruby-ox Binary: ruby-ox Architecture: source Version: 2.8.2-1 Distribution: unstable Urgency: medium Maintainer: Debian Ruby Extras Maintainers Changed-By: Cédric Boutillier Description: ruby-ox- fast XML parser and object serializer Closes: 881445 Changes: ruby-ox (2.8.2-1) unstable; urgency=medium . 
* New upstream version 2.8.2 + fix CVE-2017-15928: segmentation fault in parse_obj (Closes: #881445) * Remove version in the gem2deb build-dependency * Use https:// in Vcs-* fields * Run wrap-and-sort on packaging files * Bump Standards-Version to 4.1.1 (no changes needed) * Bump debhelper compatibility level to 10 * Refresh 000-fix-so-load-path.patch
Bug#881929: waterfox or Pale Moon?
Considering how completely, utterly broken new Firefox is, I have some doubts whether it'll reach a basic level of usability before Buster. Thus, it looks likely that someone would upload Waterfox, Pale Moon or Basilisk, thus there's no need to haste to remove addons for non-crippled versions of Firefox. Meow! -- ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢰⠒⠀⣿⡁ Imagine there are bandits in your house, your kid is bleeding out, ⢿⡄⠘⠷⠚⠋⠀ the house is on fire, and seven big-ass trumpets are playing in the ⠈⠳⣄ sky. Your cat demands food. The priority should be obvious...
Bug#881598: marked as pending
tag 881598 pending thanks Hello, Bug #881598 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: https://anonscm.debian.org/cgit/openstack/services/ironic-inspector.git/commit/?id=5006834 --- commit 5006834e1a09cfd82adf1ceeca5eb360f1f3837f Author: Thomas Goirand Date: Sat Nov 18 15:25:19 2017 + Changelog closes #881598 diff --git a/debian/changelog b/debian/changelog index 355b63e..26a6447 100644 --- a/debian/changelog +++ b/debian/changelog @@ -7,7 +7,8 @@ ironic-inspector (6.0.0-1) unstable; urgency=medium * Running wrap-and-sort -bast. * Standards-Version: 4.1.1. * Deprecating priority extra as per policy 4.0.1. - * New upstream release. + * New upstream release: +- Can (again) be installed without crashing (Closes: #881598). * Fixed (build-)depends for this release. * Rebase patch. * Do not add python-pydot3 and python-construct as b-d, as that's for the doc
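Review bot: the added sub-item under "New upstream release" closes #881598 with "Can (again) be installed without crashing" but does not say which upstream change removes the installation failure, so the closure cannot be checked from the changelog alone. Name the cause or the fixing change in that line, so that anyone tracking the bug against the older version can tell whether a backport is possible.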
Processed: Bug#881598 marked as pending
Processing commands for cont...@bugs.debian.org: > tag 881598 pending Bug #881598 [ironic-inspector] ironic-inspector: fails to install: ValueError: invalid literal for int() with base 10: 'ironic_inspector.sqlite' Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 881598: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881598 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: reassign 882069 to src:python-cryptography, forcibly merging 882069 882011 ...
Processing commands for cont...@bugs.debian.org: > reassign 882069 src:python-cryptography Bug #882069 [python3-keyring] python3-keyring: ModuleNotFoundError: No module named '_cffi_backend' Bug reassigned from package 'python3-keyring' to 'src:python-cryptography'. No longer marked as found in versions python-keyring/10.4.0-1. Ignoring request to alter fixed versions of bug #882069 to the same values previously set > forcemerge 882069 882011 Bug #882069 [src:python-cryptography] python3-keyring: ModuleNotFoundError: No module named '_cffi_backend' Bug #882069 [src:python-cryptography] python3-keyring: ModuleNotFoundError: No module named '_cffi_backend' Marked as fixed in versions python-cryptography/2.1.3-2. Marked as found in versions python-cryptography/2.1.3-1. Bug #882016 {Done: Tristan Seligmann } [src:python-cryptography] python-cryptography: no longer depends on cffi-backend and enum, programs fail to start Severity set to 'normal' from 'serious' Severity set to 'normal' from 'serious' 'reopen' may be inappropriate when a bug has been closed with a version; all fixed versions will be cleared, and you may need to re-add them. Bug reopened No longer marked as fixed in versions python-cryptography/2.1.3-2. No longer marked as fixed in versions python-cryptography/2.1.3-2. Removed indication that 882016 affects python-cryptography and python3-cryptography Removed indication that 882011 affects python3-cryptography and python-cryptography Bug #882011 [src:python-cryptography] python-cryptography: no longer depends on cffi-backend and enum, programs fail to start Marked as fixed in versions python-cryptography/2.1.3-2. Marked as fixed in versions python-cryptography/2.1.3-2. 
Merged 882011 882016 882069 > retitle 882069 python-cryptography: missing dependencies Bug #882069 [src:python-cryptography] python3-keyring: ModuleNotFoundError: No module named '_cffi_backend' Bug #882011 [src:python-cryptography] python-cryptography: no longer depends on cffi-backend and enum, programs fail to start Bug #882016 [src:python-cryptography] python-cryptography: no longer depends on cffi-backend and enum, programs fail to start Changed Bug title to 'python-cryptography: missing dependencies' from 'python3-keyring: ModuleNotFoundError: No module named '_cffi_backend''. Changed Bug title to 'python-cryptography: missing dependencies' from 'python-cryptography: no longer depends on cffi-backend and enum, programs fail to start'. Changed Bug title to 'python-cryptography: missing dependencies' from 'python-cryptography: no longer depends on cffi-backend and enum, programs fail to start'. > thanks Stopping processing here. Please contact me if you need assistance. -- 882011: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882011 882016: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882016 882069: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882069 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#881598: marked as done (ironic-inspector: fails to install: ValueError: invalid literal for int() with base 10: 'ironic_inspector.sqlite')
Your message dated Sat, 18 Nov 2017 15:49:31 + with message-id and subject line Bug#881598: fixed in ironic-inspector 6.0.0-1 has caused the Debian Bug report #881598, regarding ironic-inspector: fails to install: ValueError: invalid literal for int() with base 10: 'ironic_inspector.sqlite' to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
881598: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881598
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: ironic-inspector
Version: 4.2.0-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package failed to install. As per definition of the release team this makes the package too buggy for a release, thus the severity.

From the attached log (scroll to the bottom...):

  Selecting previously unselected package ironic-inspector.
  (Reading database ... (Reading database ... 16887 files and directories currently installed.)
  Preparing to unpack .../ironic-inspector_4.2.0-2_all.deb ...
  Unpacking ironic-inspector (4.2.0-2) ...
  Setting up ironic-inspector (4.2.0-2) ...
  Traceback (most recent call last):
    File "/usr/bin/ironic-inspector-dbsync", line 10, in
      sys.exit(main())
    File "/usr/lib/python2.7/dist-packages/ironic_inspector/dbsync.py", line 94, in main
      CONF.command.func(config, CONF.command.name)
    File "/usr/lib/python2.7/dist-packages/ironic_inspector/dbsync.py", line 77, in with_revision
      do_alembic_command(config, cmd, revision)
    File "/usr/lib/python2.7/dist-packages/ironic_inspector/dbsync.py", line 82, in do_alembic_command
      getattr(alembic_command, cmd)(config, *args, **kwargs)
    File "/usr/lib/python2.7/dist-packages/alembic/command.py", line 254, in upgrade
      script.run_env()
    File "/usr/lib/python2.7/dist-packages/alembic/script/base.py", line 425, in run_env
      util.load_python_file(self.dir, 'env.py')
    File "/usr/lib/python2.7/dist-packages/alembic/util/pyfiles.py", line 93, in load_python_file
      module = load_module_py(module_id, path)
    File "/usr/lib/python2.7/dist-packages/alembic/util/compat.py", line 75, in load_module_py
      mod = imp.load_source(module_id, path, fp)
    File "/usr/lib/python2.7/dist-packages/ironic_inspector/migrations/env.py", line 18, in
      from ironic_inspector import db
    File "/usr/lib/python2.7/dist-packages/ironic_inspector/db.py", line 44, in
      'ironic_inspector.sqlite')
    File "/usr/lib/python2.7/dist-packages/oslo_db/options.py", line 193, in set_defaults
      conf.set_default('max_pool_size', max_pool_size, group='database')
    File "/usr/lib/python2.7/dist-packages/debtcollector/removals.py", line 261, in wrapper
      return f(*args, **kwargs)
    File "/usr/lib/python2.7/dist-packages/oslo_config/cfg.py", line 2402, in __inner
      result = f(self, *args, **kwargs)
    File "/usr/lib/python2.7/dist-packages/oslo_config/cfg.py", line 2752, in set_default
      opt_info['opt'], default, enforce_type)
    File "/usr/lib/python2.7/dist-packages/oslo_config/cfg.py", line 2758, in _get_enforced_type_value
      converted = self._convert_value(value, opt)
    File "/usr/lib/python2.7/dist-packages/oslo_config/cfg.py", line 3036, in _convert_value
      return opt.type(value)
    File "/usr/lib/python2.7/dist-packages/oslo_config/types.py", line 282, in __call__
      value = self.num_type(value)
  ValueError: invalid literal for int() with base 10: 'ironic_inspector.sqlite'
  dpkg: error processing package ironic-inspector (--configure):
   installed ironic-inspector package post-installation script subprocess returned error exit status 1
  Errors were encountered while processing:
   ironic-inspector

cheers,
Andreas

ironic-inspector_4.2.0-2.log.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Source: ironic-inspector
Source-Version: 6.0.0-1

We believe that the bug you reported is fixed in the latest version of ironic-inspector, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 881...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand (supplier of updated ironic-inspector package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the
Processed: libxml2: diff for NMU version 2.9.4+dfsg1-5.1
Processing control commands: > tags 855001 + patch Bug #855001 [libxml2] CVE-2017-5969: libxml2: null pointer dereference when parsing a xml file using recover mode Ignoring request to alter tags of bug #855001 to the same tags previously set > tags 855001 + pending Bug #855001 [libxml2] CVE-2017-5969: libxml2: null pointer dereference when parsing a xml file using recover mode Ignoring request to alter tags of bug #855001 to the same tags previously set > tags 878684 + patch Bug #878684 [python3-libxml2] python3-libxml2: Import fails in Python 3 with error about undefined symbol Ignoring request to alter tags of bug #878684 to the same tags previously set > tags 878684 + pending Bug #878684 [python3-libxml2] python3-libxml2: Import fails in Python 3 with error about undefined symbol Ignoring request to alter tags of bug #878684 to the same tags previously set > tags 88 + pending Bug #88 [src:libxml2] libxml2: CVE-2017-5130 Ignoring request to alter tags of bug #88 to the same tags previously set -- 855001: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855001 878684: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878684 88: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=88 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#878684: libxml2: diff for NMU version 2.9.4+dfsg1-5.1
Control: tags 855001 + patch Control: tags 855001 + pending Control: tags 878684 + patch Control: tags 878684 + pending Control: tags 88 + pending Dear maintainer, I've prepared an NMU for libxml2 (versioned as 2.9.4+dfsg1-5.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer. Regards, Salvatore diff -Nru libxml2-2.9.4+dfsg1/debian/changelog libxml2-2.9.4+dfsg1/debian/changelog --- libxml2-2.9.4+dfsg1/debian/changelog 2017-10-15 02:18:26.0 +0200 +++ libxml2-2.9.4+dfsg1/debian/changelog 2017-11-18 16:39:04.0 +0100 @@ -1,3 +1,15 @@ +libxml2 (2.9.4+dfsg1-5.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix NULL pointer deref in xmlDumpElementContent (CVE-2017-5969) +(Closes: #855001) + * Check for integer overflow in memory debug code (CVE-2017-5130) +(Closes: #88) + * Fix copy-paste errors in error messages + * python: remove single use of _PyVerify_fd (Closes: #878684) + + -- Salvatore Bonaccorso Sat, 18 Nov 2017 16:39:04 +0100 + libxml2 (2.9.4+dfsg1-5) unstable; urgency=medium * Team upload. diff -Nru libxml2-2.9.4+dfsg1/debian/patches/0014-Fix-NULL-pointer-deref-in-xmlDumpElementContent.patch libxml2-2.9.4+dfsg1/debian/patches/0014-Fix-NULL-pointer-deref-in-xmlDumpElementContent.patch --- libxml2-2.9.4+dfsg1/debian/patches/0014-Fix-NULL-pointer-deref-in-xmlDumpElementContent.patch 1970-01-01 01:00:00.0 +0100 +++ libxml2-2.9.4+dfsg1/debian/patches/0014-Fix-NULL-pointer-deref-in-xmlDumpElementContent.patch 2017-11-18 16:39:04.0 +0100 
@@ -0,0 +1,65 @@ +From: Daniel Veillard +Date: Wed, 7 Jun 2017 16:47:36 +0200 +Subject: Fix NULL pointer deref in xmlDumpElementContent +Origin: https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882 +Bug-Debian: https://bugs.debian.org/855001 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-5969 + +Can only be triggered in recovery mode. + +Fixes bug 758422 (CVE-2017-5969). +--- + valid.c | 24 ++-- + 1 file changed, 14 insertions(+), 10 deletions(-) + +diff --git a/valid.c b/valid.c +index 9b2df56a..8075d3a0 100644 +--- a/valid.c b/valid.c +@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob) + xmlBufferWriteCHAR(buf, content->name); + break; + case XML_ELEMENT_CONTENT_SEQ: +- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || +- (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) ++ if ((content->c1 != NULL) && ++ ((content->c1->type == XML_ELEMENT_CONTENT_OR) || ++ (content->c1->type == XML_ELEMENT_CONTENT_SEQ))) + xmlDumpElementContent(buf, content->c1, 1); + else + xmlDumpElementContent(buf, content->c1, 0); + xmlBufferWriteChar(buf, " , "); +- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) || +- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) && +- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))) ++ if ((content->c2 != NULL) && ++ ((content->c2->type == XML_ELEMENT_CONTENT_OR) || ++ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) && ++ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE + xmlDumpElementContent(buf, content->c2, 1); + else + xmlDumpElementContent(buf, content->c2, 0); + break; + case XML_ELEMENT_CONTENT_OR: +- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || +- (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) ++ if ((content->c1 != NULL) && ++ ((content->c1->type == XML_ELEMENT_CONTENT_OR) || ++ (content->c1->type == XML_ELEMENT_CONTENT_SEQ))) + xmlDumpElementContent(buf, content->c1, 1); + else + xmlDumpElementContent(buf, 
content->c1, 0); + xmlBufferWriteChar(buf, " | "); +- if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) || +- ((content->c2->type == XML_ELEMENT_CONTENT_OR) && +- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))) ++ if ((content->c2 != NULL) && ++ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) || ++ ((content->c2->type == XML_ELEMENT_CONTENT_OR) && ++ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE + xmlDumpElementContent(buf, content->c2, 1); + else + xmlDumpElementContent(buf, content->c2, 0); +-- +2.15.0 + diff -Nru libxml2-2.9.4+dfsg1/debian/patches/0015-Check-for-integer-overflow-in-memory-debug-code.patch libxml2-2.9.4+dfsg1/debian/patches/0015-Check-for-integer-overflow-in-memory-debug-code.patch --- libxml2-2.9.4+dfsg1/debian/patches/0015-Check-for-integer-overflow-in-memory-debug-code.patch 1970-01-01 01:00:00.0 +0100 +++ libxml2-2.9.4+dfsg1/debian/patches/0015-Check-for-integer-overflow-in-memory-debug-code.patch 2017-11-18 16:39:04.0 +0100 @@ -0,0 +1,63 @@ +From: Nick Wellnhofer +Date: Tue, 6 Jun 2017 13:21:14 +0200 +Subject: Check for integer overflow in memory debug code +Origin: https://git.gnome.org/browse/libxml2/commit/?id=897dffba
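Review bot: In both the XML_ELEMENT_CONTENT_SEQ and XML_ELEMENT_CONTENT_OR cases of the valid.c hunk, the added "content->c1 != NULL" and "content->c2 != NULL" tests guard only the ->type and ->ocur reads; when a child is NULL, control falls to the else branch, which still calls xmlDumpElementContent(buf, content->c1, 0) (or the c2 equivalent) with a NULL pointer. The change is therefore only safe if xmlDumpElementContent returns early on a NULL content argument, and that entry check is outside the lines shown here. Please confirm it exists and say so in the patch description, or skip the recursive call when the child is NULL. Note also that the " , " and " | " separators are still written unconditionally, so a recovered tree with a missing child is dumped with an empty operand.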
Processed: libxml2: diff for NMU version 2.9.4+dfsg1-5.1
Processing control commands: > tags 855001 + patch Bug #855001 [libxml2] CVE-2017-5969: libxml2: null pointer dereference when parsing a xml file using recover mode Added tag(s) patch. > tags 855001 + pending Bug #855001 [libxml2] CVE-2017-5969: libxml2: null pointer dereference when parsing a xml file using recover mode Added tag(s) pending. > tags 878684 + patch Bug #878684 [python3-libxml2] python3-libxml2: Import fails in Python 3 with error about undefined symbol Added tag(s) patch. > tags 878684 + pending Bug #878684 [python3-libxml2] python3-libxml2: Import fails in Python 3 with error about undefined symbol Added tag(s) pending. > tags 88 + pending Bug #88 [src:libxml2] libxml2: CVE-2017-5130 Added tag(s) pending. -- 855001: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855001 878684: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878684 88: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=88 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Bug#881986 marked as pending
Processing commands for cont...@bugs.debian.org: > tag 881986 pending Bug #881986 [src:python-kafka] python-kafka FTBFS with python-lz4 0.10.1 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 881986: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881986 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#881986: marked as pending
tag 881986 pending thanks Hello, Bug #881986 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: https://anonscm.debian.org/cgit/openstack/python/python-kafka.git/commit/?id=5b85859 --- commit 5b858592150e85ba1efa62ec485e3ab1358a4669 Author: Thomas Goirand Date: Fri Nov 17 12:11:16 2017 + Add remove-old-lz4-test.patch (Closes: #881986). diff --git a/debian/changelog b/debian/changelog index 5633ec7..4b53927 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +python-kafka (1.3.3-3) unstable; urgency=medium + + * Add remove-old-lz4-test.patch (Closes: #881986). + + -- Thomas Goirand Fri, 17 Nov 2017 12:11:12 + + python-kafka (1.3.3-2) unstable; urgency=medium * Uploading to unstable (Closes: #834033).
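Review bot: The new 1.3.3-3 entry in the debian/changelog hunk names only the patch file (remove-old-lz4-test.patch) and the bug it closes; it does not record which test is dropped or why. The part of the diff shown here touches debian/changelog alone, so a reader of the changelog cannot tell what test coverage is lost with this upload. Suggest extending the entry with the name of the removed test and the reason for removing it rather than fixing or skipping it.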
Bug#882075: ffmpeg: sometimes FTBFS on i386
Source: ffmpeg
Version: 7:3.4-1
Severity: serious
Tags: sid buster

And just after I upload 3.4-3...

ffmpeg 3.4 sometimes FTBFS on i386, possibly due to some hardware specific thing. It has worked on the buildds so far, but sometimes fails on the ubuntu builders and in reproducible builds with checkasm errors (although often rebuilding helps):

> Test checkasm-float_dsp failed. Look at
> tests/data/fate/checkasm-float_dsp.err for details.
> checkasm: using random seed 2642491962
> SSE:
>  - float_dsp.vector_fmul [OK]
>  - float_dsp.vector_fmac [OK]
>  - float_dsp.butterflies_float [OK]
>  - float_dsp.scalarproduct_float [OK]
> 93: -53.395181798898 - -53.395181798898 = -7.1054273576e-15
> SSE2:
>    vector_dmul_scalar_sse2 (float_dsp.c:171)
>  - float_dsp.vector_dmul [FAILED]
>  - float_dsp.vector_dmac [OK]
> AVX:
>  - float_dsp.vector_fmul [OK]
>  - float_dsp.vector_fmac [OK]
>  - float_dsp.vector_dmul [OK]
>  - float_dsp.vector_dmac [OK]
> FMA3:
>  - float_dsp.vector_fmul [OK]
>  - float_dsp.vector_fmac [OK]
>  - float_dsp.vector_dmac [OK]
> AVX2:
>  - float_dsp.vector_fmul [OK]
> checkasm: 1 of 20 tests have failed
> /build/1st/ffmpeg-3.4/tests/Makefile:225: recipe for target
> 'fate-checkasm-float_dsp' failed

James

signature.asc
Description: OpenPGP digital signature
Bug#881986: marked as done (python-kafka FTBFS with python-lz4 0.10.1)
Your message dated Sat, 18 Nov 2017 16:19:26 + with message-id and subject line Bug#881986: fixed in python-kafka 1.3.3-3 has caused the Debian Bug report #881986, regarding python-kafka FTBFS with python-lz4 0.10.1 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
881986: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881986
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: python-kafka
Version: 1.3.3-2
Severity: serious

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/python-kafka.html

...
=== FAILURES ===
_ test_lz4_old _

    @pytest.mark.skipif(not has_lz4() or platform.python_implementation() == 'PyPy',
                        reason="python-lz4 crashes on old versions of pypy")
    def test_lz4_old():
        for i in xrange(1000):
            b1 = random_string(100).encode('utf-8')
>           b2 = lz4_decode_old_kafka(lz4_encode_old_kafka(b1))

test/test_codec.py:101:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

payload = 'eEHdGSeNDtPGdsFoZBWbyPtfiLuqDexMGJjalmLGbflCQlRlJSUkIOlNjprhcByztKullDShkZWcZmimcirvBRYfVAaABLjGAaPy'

    def lz4_encode_old_kafka(payload):
        """Encode payload for 0.8/0.9 brokers -- requires an incorrect header checksum."""
>       assert xxhash is not None
E       AssertionError

kafka/codec.py:229: AssertionError
== 1 failed, 231 passed, 81 skipped in 21.66 seconds ===
debian/rules:14: recipe for target 'override_dh_auto_test' failed
make[1]: *** [override_dh_auto_test] Error 1
--- End Message ---
--- Begin Message ---
Source: python-kafka
Source-Version: 1.3.3-3

We believe that the bug you reported is fixed in the latest version of python-kafka, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 881...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand (supplier of updated python-kafka package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 17 Nov 2017 12:11:12 +
Source: python-kafka
Binary: python-kafka python-kafka-doc python3-kafka
Architecture: source all
Version: 1.3.3-3
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenStack
Changed-By: Thomas Goirand
Description:
 python-kafka - Pure Python client for Apache Kafka - Python 2.x
 python-kafka-doc - Pure Python client for Apache Kafka - doc
 python3-kafka - Pure Python client for Apache Kafka - Python 3.x
Closes: 881986
Changes:
 python-kafka (1.3.3-3) unstable; urgency=medium
 .
   * Add remove-old-lz4-test.patch (Closes: #881986).
Bug#879071: fixed in 0ad 0.0.22-2
Hello, 2017-11-18 6:21 GMT+01:00 Petter Reinholdtsen : > [Ludovic Rousseau] > > 0ad (0.0.22-2) unstable; urgency=medium > > . > >* Fix "0ad FTBFS with on armhf with gcc 7: error: call of overloaded > > 'abs(unsigned int)' is ambiguous" by removing support of armhf > > (Closes: #879071) > > Note, this "fix" did not work, as there are armhf binaries in the archive > and the new version is not allowed to propagate into testing until the > armhf binaries are updated to the latest version or removed. Did you > file a request for removal? > Adrian Bunk filed bug #880058 "RM: 0ad [armhf] -- NBS; no longer built on armhf" I am not sure it will be enough since the versions for arm64, kfreebsd-amd64 and kfreebsd-i386 must also be removed. Should I create 3 new bugs for the other 3 architectures? This bug just caused 0ad to be removed from testing. > Yes. I saw that. Thanks -- Dr. Ludovic Rousseau
Bug#879071: fixed in 0ad 0.0.22-2
Hi,

On 18/11/17 16:21, Ludovic Rousseau wrote:
> Hello,
>
> 2017-11-18 6:21 GMT+01:00 Petter Reinholdtsen :
>
>> [Ludovic Rousseau]
>>> 0ad (0.0.22-2) unstable; urgency=medium
>>> .
>>>    * Fix "0ad FTBFS with on armhf with gcc 7: error: call of overloaded
>>>      'abs(unsigned int)' is ambiguous" by removing support of armhf
>>>      (Closes: #879071)
>>
>> Note, this "fix" did not work, as there are armhf binaries in the archive
>> and the new version is not allowed to propagate into testing until the
>> armhf binaries are updated to the latest version or removed. Did you
>> file a request for removal?
>>
>
> Adrian Bunk filed bug #880058 "RM: 0ad [armhf] -- NBS; no longer built on
> armhf"
>
> I am not sure it will be enough since the versions for arm64,
> kfreebsd-amd64 and kfreebsd-i386 must also be removed.
> Should I create 3 new bugs for the other 3 architectures?

You can just retitle the original bug, with a message explaining the situation (assuming it isn't closed before then).

Currently we have:
0ad | 0.0.21-2 | stretch | source, amd64, armhf, i386
0ad | 0.0.21-2 | sid | source, armhf, kfreebsd-amd64, kfreebsd-i386
0ad | 0.0.22-3 | sid | source, amd64, i386

So I think only armhf and kfreebsd-* need removing (not arm64). kfreebsd doesn't affect testing migration in any case.

Thanks,
James

signature.asc
Description: OpenPGP digital signature
Bug#881915: libidn FTBFS with gtk-doc-tools 1.26: gtkdoc-mktmpl is no longer available
On Sat, Nov 18, 2017 at 09:36:58AM +0100, Helmut Grohne wrote: >... > +override_dh_autoreconf: > + rm -f gtk-doc.make > + gtkdocize > + dh_autoreconf >... The "rm -f gtk-doc.make" has to be done when cleaning, not in autoreconf. cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Bug#879071: fixed in 0ad 0.0.22-2
2017-11-18 17:28 GMT+01:00 James Cowgill : > Hi, > > On 18/11/17 16:21, Ludovic Rousseau wrote: > > Hello, > > > > 2017-11-18 6:21 GMT+01:00 Petter Reinholdtsen : > > > >> [Ludovic Rousseau] > >>> 0ad (0.0.22-2) unstable; urgency=medium > >>> . > >>>* Fix "0ad FTBFS with on armhf with gcc 7: error: call of overloaded > >>> 'abs(unsigned int)' is ambiguous" by removing support of armhf > >>> (Closes: #879071) > >> > >> Note, this "fix" did not work, as there are armhf binaries in the > archive > >> and the new version is not allowed to propagate into testing until the > >> armhf binaries are updated to the latest version or removed. Did you > >> file a request for removal? > >> > > > > Adrian Bunk filed bug #880058 "RM: 0ad [armhf] -- NBS; no longer built on > > armhf" > > > > I am not sure it will be enough since the versions for arm64, > > kfreebsd-amd64 and kfreebsd-i386 must also be removed. > > Should I create 3 new bugs for the other 3 architectures? > > You can just retitle the original bug, with a message explaining the > situation (assuming it isn't closed before then). > > Currently we have: > 0ad | 0.0.21-2 | stretch | source, amd64, armhf, i386 > 0ad | 0.0.21-2 | sid | source, armhf, kfreebsd-amd64, kfreebsd-i386 > 0ad | 0.0.22-3 | sid | source, amd64, i386 > > So I think only armhf and kfreebsd-* need removing (not arm64). kfreebsd > doesn't affect testing migration in any case. > So bug #880058, as it is, will remove the armhf version and 0ad should then be able to migrate to testing. I should _not_ file new bugs. Exact? Thanks -- Dr. Ludovic Rousseau
Bug#882052: byte-buddy: missing build dependency on libeclipse-aether-java
Good catch. Actually it should depend on maven-resolver, eclipse-aether is about to be removed. Emmanuel Bourg
Bug#859786: marked as done (vtun: Please migrate to openssl1.1 in Buster)
Your message dated Sat, 18 Nov 2017 17:20:59 + with message-id and subject line Bug#859786: fixed in vtun 3.0.3-4 has caused the Debian Bug report #859786, regarding vtun: Please migrate to openssl1.1 in Buster to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
859786: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859786
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: vtun
Version: 3.0.3-3
Severity: important
Tags: sid buster
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: openssl-1.1-trans

Please migrate to libssl-dev in the Buster cycle.

The bug report about the FTBFS is #828596. The log of the FTBFS can be found at
https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/vtun_3.0.3-2.2_amd64-20160529-1551

Sebastian
--- End Message ---
--- Begin Message ---
Source: vtun
Source-Version: 3.0.3-4

We believe that the bug you reported is fixed in the latest version of vtun, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 859...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam Borowski (supplier of updated vtun package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 18 Nov 2017 17:38:39 +0100
Source: vtun
Binary: vtun
Architecture: source
Version: 3.0.3-4
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group
Changed-By: Adam Borowski
Description:
 vtun - virtual tunnel over TCP/IP networks
Closes: 859786
Changes:
 vtun (3.0.3-4) unstable; urgency=medium
 .
   * QA upload.
   * Fix FTBFS with OpenSSL 1.1 and switch to it, patch by Chris West.
     Closes: #859786.
   * dh compat 10.

--- End Message ---
Bug#864927: marked as done (kde-l10n-sr and plasma-desktop-data: error when trying to install together)
Your message dated Sat, 18 Nov 2017 18:07:10 + with message-id and subject line Bug#864927: fixed in kde-l10n 4:16.04.3-2 has caused the Debian Bug report #864927, regarding kde-l10n-sr and plasma-desktop-data: error when trying to install together to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 864927: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864927 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: plasma-desktop-data,kde-l10n-sr Version: plasma-desktop-data/4:5.8.7.1-1 Version: kde-l10n-sr/4:16.04.3-1 Severity: serious User: trei...@debian.org Usertags: edos-file-overwrite Date: 2017-06-17 Architecture: amd64 Distribution: sid Hi, automatic installation tests of packages that share a file and at the same time do not conflict by their package dependency relationships has detected the following problem: Selecting previously unselected package liblz4-1:amd64. (Reading database ... 11003 files and directories currently installed.) Preparing to unpack .../liblz4-1_0.0~r131-2+b1_amd64.deb ... Unpacking liblz4-1:amd64 (0.0~r131-2+b1) ... Processing triggers for libc-bin (2.24-11) ... Setting up liblz4-1:amd64 (0.0~r131-2+b1) ... Processing triggers for libc-bin (2.24-11) ... Selecting previously unselected package gcc-6-base:amd64. (Reading database ... 11009 files and directories currently installed.) Preparing to unpack .../gcc-6-base_6.3.0-18_amd64.deb ... Unpacking gcc-6-base:amd64 (6.3.0-18) ... Setting up gcc-6-base:amd64 (6.3.0-18) ... (Reading database ... 11016 files and directories currently installed.) 
Preparing to unpack .../aptitude_0.8.7-1_amd64.deb ... Unpacking aptitude (0.8.7-1) over (0.6.10-1) ... Preparing to unpack .../aptitude-common_0.8.7-1_all.deb ... Unpacking aptitude-common (0.8.7-1) over (0.6.10-1) ... Selecting previously unselected package libboost-system1.62.0:amd64. Preparing to unpack .../libboost-system1.62.0_1.62.0+dfsg-4_amd64.deb ... Unpacking libboost-system1.62.0:amd64 (1.62.0+dfsg-4) ... Selecting previously unselected package libboost-filesystem1.62.0:amd64. Preparing to unpack .../libboost-filesystem1.62.0_1.62.0+dfsg-4_amd64.deb ... Unpacking libboost-filesystem1.62.0:amd64 (1.62.0+dfsg-4) ... Selecting previously unselected package libboost-iostreams1.62.0:amd64. Preparing to unpack .../libboost-iostreams1.62.0_1.62.0+dfsg-4_amd64.deb ... Unpacking libboost-iostreams1.62.0:amd64 (1.62.0+dfsg-4) ... Processing triggers for man-db (2.7.6.1-2) ... Processing triggers for libc-bin (2.24-11) ... (Reading database ... 11028 files and directories currently installed.) Removing libcwidget3:amd64 (0.5.17-1) ... Removing libsigc++-2.0-0c2a:amd64 (2.4.1-1) ... Selecting previously unselected package libsigc++-2.0-0v5:amd64. (Reading database ... 10975 files and directories currently installed.) Preparing to unpack .../libsigc++-2.0-0v5_2.10.0-1_amd64.deb ... Unpacking libsigc++-2.0-0v5:amd64 (2.10.0-1) ... Selecting previously unselected package libcwidget3v5:amd64. Preparing to unpack .../libcwidget3v5_0.5.17-4+b1_amd64.deb ... Unpacking libcwidget3v5:amd64 (0.5.17-4+b1) ... Selecting previously unselected package libxapian30:amd64. Preparing to unpack .../libxapian30_1.4.3-2_amd64.deb ... Unpacking libxapian30:amd64 (1.4.3-2) ... Preparing to unpack .../libstdc++6_6.3.0-18_amd64.deb ... Unpacking libstdc++6:amd64 (6.3.0-18) over (4.8.2-19) ... Processing triggers for libc-bin (2.24-11) ... Setting up libstdc++6:amd64 (6.3.0-18) ... Processing triggers for libc-bin (2.24-11) ... Selecting previously unselected package libapt-inst2.0:amd64. 
(Reading database ... 11050 files and directories currently installed.) Preparing to unpack .../libapt-inst2.0_1.4.6_amd64.deb ... Unpacking libapt-inst2.0:amd64 (1.4.6) ... Selecting previously unselected package libdb5.3:amd64. Preparing to unpack .../libdb5.3_5.3.28-12+b1_amd64.deb ... Unpacking libdb5.3:amd64 (5.3.28-12+b1) ... Preparing to unpack .../apt-utils_1.4.6_amd64.deb ... Unpacking apt-utils (1.4.6) over (0.9.15.5) ... Preparing to unpack .../archives/apt_1.4.6_amd64.deb ... Unpacking apt (1.4.6) over (1.0.4) ... Selecting previously unselected package libapt-pkg5.0:amd64. Preparing to unpack .../libapt-pkg5.0_1.4.6_amd64.deb ... Unpacking libapt-pkg5.0:amd64 (1.4.6) ... Processing triggers for libc-bin (2.24-11) ... Processing triggers for man-db (2.7.6.1-2) ... Setting up libapt-pkg5.0:amd64 (1.4.6) ... Processing triggers for libc-bin (2.24-11) ... Selecting previously unselected package libdouble-conversion1:amd64. (Reading database ... 11169 files and directories currently insta
Bug#879071: fixed in 0ad 0.0.22-2
Hi, On 18/11/17 16:41, Ludovic Rousseau wrote: > 2017-11-18 17:28 GMT+01:00 James Cowgill : >> On 18/11/17 16:21, Ludovic Rousseau wrote: >>> 2017-11-18 6:21 GMT+01:00 Petter Reinholdtsen : >>> [Ludovic Rousseau] > 0ad (0.0.22-2) unstable; urgency=medium > . >* Fix "0ad FTBFS with on armhf with gcc 7: error: call of overloaded > 'abs(unsigned int)' is ambiguous" by removing support of armhf > (Closes: #879071) Note, this "fix" did not work, as there are armhf binaries in the >> archive and the new version is not allowed to propagate into testing until the armhf binaries are updated to the latest version or removed. Did you file a request for removal? >>> >>> Adrian Bunk filed bug #880058 "RM: 0ad [armhf] -- NBS; no longer built on >>> armhf" >>> >>> I am not sure it will be enough since the versions for arm64, >>> kfreebsd-amd64 and kfreebsd-i386 must also be removed. >>> Should I create 3 new bugs for the other 3 architectures? >> >> You can just retitle the original bug, with a message explaining the >> situation (assuming it isn't closed before then). >> >> Currently we have: >> 0ad | 0.0.21-2 | stretch | source, amd64, armhf, i386 >> 0ad | 0.0.21-2 | sid | source, armhf, kfreebsd-amd64, kfreebsd-i386 >> 0ad | 0.0.22-3 | sid | source, amd64, i386 >> >> So I think only armhf and kfreebsd-* need removing (not arm64). kfreebsd >> doesn't affect testing migration in any case. > > So bug #880058, as it is, will remove the armhf version and 0ad should then > be able to migrate to testing. Yes. > I should _not_ file new bugs. Exact? It probably doesn't matter much, but I think it's easier to retitle existing bugs if you want to remove the kfreebsd-* binaries as well. James signature.asc Description: OpenPGP digital signature
Bug#878684: marked as done (python3-libxml2: Import fails in Python 3 with error about undefined symbol)
Your message dated Sat, 18 Nov 2017 18:24:30 + with message-id and subject line Bug#878684: fixed in libxml2 2.9.4+dfsg1-5.1 has caused the Debian Bug report #878684, regarding python3-libxml2: Import fails in Python 3 with error about undefined symbol to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 878684: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878684 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: python3-libxml2 Version: 2.9.4+dfsg1-5 Severity: important python3-libxml2 doesn't work: $ python3 Python 3.6.3 (default, Oct 3 2017, 21:16:13) [GCC 7.2.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import libxml2 Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/python3/dist-packages/libxml2.py", line 1, in <module> import libxml2mod ImportError: /usr/lib/python3/dist-packages/libxml2mod.cpython-36m-x86_64-linux-gnu.so: undefined symbol: _PyVerify_fd >>> Best regards, Torquil Sørensen -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (990, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages python3-libxml2 depends on: ii libc6 2.24-17 ii libpython3.5 3.5.4-4 ii libpython3.6 3.6.3-1 ii libxml2 2.9.4+dfsg1-5 ii python3 3.6.3-1 python3-libxml2 recommends no packages. python3-libxml2 suggests no packages.
-- no debconf information --- End Message --- --- Begin Message --- Source: libxml2 Source-Version: 2.9.4+dfsg1-5.1 We believe that the bug you reported is fixed in the latest version of libxml2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 878...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso (supplier of updated libxml2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 18 Nov 2017 16:39:04 +0100 Source: libxml2 Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg python3-libxml2 python3-libxml2-dbg Architecture: source Version: 2.9.4+dfsg1-5.1 Distribution: unstable Urgency: medium Maintainer: Debian XML/SGML Group Changed-By: Salvatore Bonaccorso Closes: 855001 878684 88 Description: libxml2- GNOME XML library libxml2-dbg - Debugging symbols for the GNOME XML library libxml2-dev - Development files for the GNOME XML library libxml2-doc - Documentation for the GNOME XML library libxml2-utils - XML utilities python-libxml2 - Python bindings for the GNOME XML library python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension) python3-libxml2 - Python3 bindings for the GNOME XML library python3-libxml2-dbg - Python3 bindings for the GNOME XML library (debug extension) Changes: libxml2 (2.9.4+dfsg1-5.1) unstable; urgency=medium . * Non-maintainer upload. 
* Fix NULL pointer deref in xmlDumpElementContent (CVE-2017-5969) (Closes: #855001) * Check for integer overflow in memory debug code (CVE-2017-5130) (Closes: #88) * Fix copy-paste errors in error messages * python: remove single use of _PyVerify_fd (Closes: #878684)
Bug#882085: [cowsay] Package includes ASCII representation of Zoophilia
Package: cowsay Version: 3.03+dfsg2-3 Severity: critical --- Please enter the report below this line. --- The package cowsay includes an ASCII representation of Zoophilia. The file in question is /usr/share/cowsay/cows/sodomized-sheep.cow This is a legal issue in many countries. Even if it's not well-defined by law if ASCII representations of Zoophilia are legal or not, I'd rather prefer not to take a chance being involved in a lawsuit when such a file could be found on my computer. Please remove the file from the packages as soon as possible. Thank you. All the best Felicia --- System information. --- Architecture: Kernel: Linux 4.9.0-3-amd64 Debian Release: buster/sid 500 testing www.deb-multimedia.org 500 testing ftp2.de.debian.org 500 testing devel.alephobjects.com 500 stable repository.spotify.com 500 stable repos.fds-team.de 500 stable repo.skype.com 500 stable repo.adminlounge.org 500 stable dl.google.com 500 stable deb.dovetail-automata.com 500 oldstable ftp2.de.debian.org 100 jessie-backports ftp.de.debian.org --- Package information. --- Depends (Version) | Installed =-+-=== libtext-charwidth-perl| 0.04-7.1 perl:any | Recommends (Version) | Installed =-+-=== cowsay-off| 3.03+dfsg2-3 Suggests (Version) | Installed ===-+-=== filters |
Bug#881756: swi-prolog: FTBFS on mips: Build killed with signal TERM
Hi James, Пт 17 ноя 2017 @ 17:15 James Cowgill : > IMO the best solution is to remove all the ATOMIC_GENERATION_HACK code > and use libatomic, but this will take some porting work because > swi-prolog uses the old __sync primitives everywhere. > > I have attached a hack which marks _generation and _last_generation as > volatile. This seems to work but isn't a long term solution. Thanks for your input! I've informed upstream about the issue you found and your suggestions. Regards, Lev
Processed: Re: Bug#882080: debian-goodies: checkrestart from debian-goodies 0.77 finds no files to restart
Processing control commands: > severity -1 serious Bug #882080 [debian-goodies] debian-goodies: checkrestart from debian-goodies 0.77 finds no files to restart Severity set to 'serious' from 'important' -- 882080: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882080 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: tagging 882080
Processing commands for cont...@bugs.debian.org: > tags 882080 + confirmed Bug #882080 [debian-goodies] debian-goodies: checkrestart from debian-goodies 0.77 finds no files to restart Added tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 882080: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882080 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#851506: cpanminus embeds other modules in fatpacked library
Processing control commands: > found -1 1.7040-1 Bug #851506 [cpanminus] cpanminus embeds other modules in fatpacked library Marked as found in versions cpanminus/1.7040-1. > severity -1 serious Bug #851506 [cpanminus] cpanminus embeds other modules in fatpacked library Severity set to 'serious' from 'normal' -- 851506: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851506 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#882080: debian-goodies: checkrestart from debian-goodies 0.77 finds no files to restart
Hi, according to git bisect, commit 8c3cad64d8b11f3acba4a856dcc915400d97380d is the culprit: → git bisect run sh -c "ssh root@localhost '~abe/debian-goodies/debian-goodies/checkrestart 2>&1' | egrep 'Found [^0][0-9]* processes using old versions of upgraded files'" running sh -c ssh root@localhost '~abe/debian-goodies/debian-goodies/checkrestart 2>&1' | egrep 'Found [^0][0-9]* processes using old versions of upgraded files' Bisecting: 5 revisions left to test after this (roughly 3 steps) [aa0411a3db01a1d220b19e12dec128691b9377c9] Document --terse option and adjust example for --machine output to the real output shown running sh -c ssh root@localhost '~abe/debian-goodies/debian-goodies/checkrestart 2>&1' | egrep 'Found [^0][0-9]* processes using old versions of upgraded files' Bisecting: 2 revisions left to test after this (roughly 2 steps) [8c3cad64d8b11f3acba4a856dcc915400d97380d] Provide machine readable output based on patch provided by Simon Ruderich running sh -c ssh root@localhost '~abe/debian-goodies/debian-goodies/checkrestart 2>&1' | egrep 'Found [^0][0-9]* processes using old versions of upgraded files' Bisecting: 0 revisions left to test after this (roughly 1 step) [bad5f00c933eae6a1c4d0048fa08e139e7de7ad8] debian/copyright: Switch one previously overseen URL to HTTPS running sh -c ssh root@localhost '~abe/debian-goodies/debian-goodies/checkrestart 2>&1' | egrep 'Found [^0][0-9]* processes using old versions of upgraded files' Found 201 processes using old versions of upgraded files 8c3cad64d8b11f3acba4a856dcc915400d97380d is the first bad commit commit 8c3cad64d8b11f3acba4a856dcc915400d97380d Author: Javier Fernandez-Sanguino Date: Mon Nov 6 22:43:26 2017 +0100 Provide machine readable output based on patch provided by Simon Ruderich :100755 100755 52dbc70e0a143c6fdaeb0b567c0ae6cad3f947c0 ee28021dc740b409b059f7fa1f9baa5f669f9be0 M checkrestart bisect run success Regards, Axel -- ,''`. 
| Axel Beckert , https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Processed: Version fix
Processing commands for cont...@bugs.debian.org: > notfound 838638 0.9.30+debian1-1.1 Bug #838638 [python3-googlecloudapis] /usr/bin/python3-google-api-tools broken; missing several dependencies, does not work even after doing so No longer marked as found in versions python-googlecloudapis/0.9.30+debian1-1.1. > found 838638 0.9.30+debian1-1 Bug #838638 [python3-googlecloudapis] /usr/bin/python3-google-api-tools broken; missing several dependencies, does not work even after doing so Marked as found in versions python-googlecloudapis/0.9.30+debian1-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 838638: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838638 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#873099: marked as done (imagemagick: CVE-2017-13134)
Your message dated Sat, 18 Nov 2017 21:03:47 + with message-id and subject line Bug#873099: fixed in imagemagick 8:6.9.7.4+dfsg-11+deb9u3 has caused the Debian Bug report #873099, regarding imagemagick: CVE-2017-13134 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 873099: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873099 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: security patch upstream Forwarded: https://github.com/ImageMagick/ImageMagick/issues/670 Hi, the following vulnerability was published for imagemagick. CVE-2017-13134[0]: | In ImageMagick 7.0.6-6, a heap-based buffer over-read was found in the | function SFWScan in coders/sfw.c, which allows attackers to cause a | denial of service via a crafted file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-13134 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13134 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: imagemagick Source-Version: 8:6.9.7.4+dfsg-11+deb9u3 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. 
If you have further comments please address them to 873...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Moritz Mühlenhoff (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 10 Nov 2017 20:46:29 +0100 Source: imagemagick Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick Architecture: source all amd64 Version: 8:6.9.7.4+dfsg-11+deb9u3 Distribution: stretch-security Urgency: medium Maintainer: ImageMagick Packaging Team Changed-By: Moritz Mühlenhoff Description: imagemagick - image manipulation programs -- binaries imagemagick-6-common - image manipulation programs -- infrastructure imagemagick-6-doc - document files of ImageMagick imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI imagemagick-common - image manipulation programs -- infrastructure dummy package imagemagick-doc - document files of ImageMagick -- dummy package libimage-magick-perl - Perl interface to the ImageMagick graphics 
routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16) libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI) libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header files libmagickcore-6.q16-3 - low-level image manipulation library -- quantum depth Q16 libmagickcor
Bug#873134: marked as done (imagemagick: CVE-2017-12983)
Your message dated Sat, 18 Nov 2017 21:03:47 + with message-id and subject line Bug#873134: fixed in imagemagick 8:6.9.7.4+dfsg-11+deb9u3 has caused the Debian Bug report #873134, regarding imagemagick: CVE-2017-12983 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 873134: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873134 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: security patch upstream Forwarded: https://github.com/ImageMagick/ImageMagick/issues/682 Hi, the following vulnerability was published for imagemagick. CVE-2017-12983[0]: | Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c | in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of | service (application crash) or possibly have unspecified other impact | via a crafted file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-12983 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12983 [1] https://github.com/ImageMagick/ImageMagick/issues/682 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: imagemagick Source-Version: 8:6.9.7.4+dfsg-11+deb9u3 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. 
A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 873...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Moritz Mühlenhoff (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 10 Nov 2017 20:46:29 +0100 Source: imagemagick Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick Architecture: source all amd64 Version: 8:6.9.7.4+dfsg-11+deb9u3 Distribution: stretch-security Urgency: medium Maintainer: ImageMagick Packaging Team Changed-By: Moritz Mühlenhoff Description: imagemagick - image manipulation programs -- binaries imagemagick-6-common - image manipulation programs -- infrastructure imagemagick-6-doc - document files of ImageMagick imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI imagemagick-common - image manipulation programs -- infrastructure dummy 
package imagemagick-doc - document files of ImageMagick -- dummy package libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16) libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI) libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library
Bug#878578: marked as done (imagemagick: CVE-2017-15277)
Your message dated Sat, 18 Nov 2017 21:03:47 + with message-id and subject line Bug#878578: fixed in imagemagick 8:6.9.7.4+dfsg-11+deb9u3 has caused the Debian Bug report #878578, regarding imagemagick: CVE-2017-15277 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 878578: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878578 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: patch security upstream Forwarded: https://github.com/ImageMagick/ImageMagick/issues/592 Hi, the following vulnerability was published for imagemagick. CVE-2017-15277[0]: | ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick | 1.3.26 leaves the palette uninitialized when processing a GIF file that | has neither a global nor local palette. If the affected product is used | as a library loaded into a process that operates on interesting data, | this data sometimes can be leaked via the uninitialized palette. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-15277 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15277 [1] https://github.com/ImageMagick/ImageMagick/issues/592 Please adjust the affected versions in the BTS as needed. 
Regards, Salvatore --- End Message --- --- Begin Message --- Source: imagemagick Source-Version: 8:6.9.7.4+dfsg-11+deb9u3 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 878...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Moritz Mühlenhoff (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 10 Nov 2017 20:46:29 +0100 Source: imagemagick Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick Architecture: source all amd64 Version: 8:6.9.7.4+dfsg-11+deb9u3 Distribution: stretch-security Urgency: medium Maintainer: ImageMagick Packaging Team Changed-By: Moritz Mühlenhoff Description: imagemagick - image manipulation programs -- binaries imagemagick-6-common - image manipulation programs -- infrastructure 
imagemagick-6-doc - document files of ImageMagick imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI imagemagick-common - image manipulation programs -- infrastructure dummy package imagemagick-doc - document files of ImageMagick -- dummy package libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16) libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI) libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package libmagickcore-6-arch-config - low-lev
Bug#876097: marked as done (imagemagick: CVE-2017-14224: Heap buffer overflow in WritePCXImage)
Your message dated Sat, 18 Nov 2017 21:03:47 + with message-id and subject line Bug#876097: fixed in imagemagick 8:6.9.7.4+dfsg-11+deb9u3 has caused the Debian Bug report #876097, regarding imagemagick: CVE-2017-14224: Heap buffer overflow in WritePCXImage to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 876097: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876097 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: upstream security patch Forwarded: https://github.com/ImageMagick/ImageMagick/issues/733 Hi, the following vulnerability was published for imagemagick. CVE-2017-14224[0]: | A heap-based buffer overflow in WritePCXImage in coders/pcx.c in | ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of | service or code execution via a crafted file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-14224 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14224 [1] https://github.com/ImageMagick/ImageMagick/issues/733 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: imagemagick Source-Version: 8:6.9.7.4+dfsg-11+deb9u3 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. 
A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 876...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Moritz Mühlenhoff (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 10 Nov 2017 20:46:29 +0100 Source: imagemagick Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick Architecture: source all amd64 Version: 8:6.9.7.4+dfsg-11+deb9u3 Distribution: stretch-security Urgency: medium Maintainer: ImageMagick Packaging Team Changed-By: Moritz Mühlenhoff Description: imagemagick - image manipulation programs -- binaries imagemagick-6-common - image manipulation programs -- infrastructure imagemagick-6-doc - document files of ImageMagick imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI imagemagick-common - image manipulation programs -- infrastructure dummy 
package imagemagick-doc - document files of ImageMagick -- dummy package libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16) libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI) libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header fil
Bug#875800: marked as done (double free or corruption (!prev))
Your message dated Sat, 18 Nov 2017 21:03:42 + with message-id and subject line Bug#875800: fixed in flickcurl 1.26-2+deb9u1 has caused the Debian Bug report #875800, regarding double free or corruption (!prev) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 875800: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875800 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: flickcurl-utils Version: 1.26-2 Severity: grave File: /usr/bin/flickcurl $ flickcurl oauth.create *** Error in `flickcurl': double free or corruption (!prev): 0x0176b510 *** === Backtrace: = /lib/i386-linux-gnu/libc.so.6(+0x698aa)[0xb72e18aa] /lib/i386-linux-gnu/libc.so.6(+0x705f7)[0xb72e85f7] /lib/i386-linux-gnu/libc.so.6(+0x70e46)[0xb72e8e46] /usr/lib/i386-linux-gnu/libflickcurl.so.0(flickcurl_free_form+0x22)[0xb7748a62] /usr/lib/i386-linux-gnu/libflickcurl.so.0(flickcurl_oauth_create_request_token+0x201)[0xb7766f61] flickcurl(+0xce50)[0x469e50] flickcurl(main+0x62c)[0x46425c] /lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf6)[0xb7290456] flickcurl(+0x7310)[0x464310] === Memory map: ...
-- System Information: Debian Release: buster/sid APT prefers experimental APT policy: (990, 'experimental'), (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 4.12.0-1-686-pae (SMP w/1 CPU core) Locale: LANG=zh_TW.UTF-8, LC_CTYPE=zh_TW.UTF-8 (charmap=UTF-8), LANGUAGE=zh_TW.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) Versions of packages flickcurl-utils depends on: ii libc62.25-0experimental3 ii libcurl3-gnutls 7.55.1-1 ii libflickcurl01.26-2 ii libraptor2-0 2.0.14-1+b1 ii libxml2 2.9.4+dfsg1-4 flickcurl-utils recommends no packages. flickcurl-utils suggests no packages. -- no debconf information --- End Message --- --- Begin Message --- Source: flickcurl Source-Version: 1.26-2+deb9u1 We believe that the bug you reported is fixed in the latest version of flickcurl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 875...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp.
Kumar Appaiah (supplier of updated flickcurl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 30 Mar 2017 07:25:12 +0530 Source: flickcurl Binary: libflickcurl-dev libflickcurl0 libflickcurl0-dbg flickcurl-utils flickcurl-doc Architecture: source all amd64 Version: 1.26-2+deb9u1 Distribution: stable Urgency: medium Maintainer: Kumar Appaiah Changed-By: Kumar Appaiah Description: flickcurl-doc - utilities to call the Flickr API from command line - documentatio flickcurl-utils - utilities to call the Flickr API from command line libflickcurl-dev - C library for accessing the Flickr API - development files libflickcurl0 - C library for accessing the Flickr API libflickcurl0-dbg - C library for accessing the Flickr API - debugging symbols Closes: 859019 875800 Changes: flickcurl (1.26-2+deb9u1) stable; urgency=medium . * Apply patch from upstream to fix oauth token fetching * Apply patch from upstream to prevent double free corruption during authentication (Closes: #875800) * Remove broken devhelp link in flickcurl-doc (Closes: #859019) Checksums-Sha1: c652fcb0fab9189c31b4755ce544513dc4cb8ea7 2217 flickcurl_1.26-2+deb9u1.dsc fcc0ead917f2d74c1669697bb77ebc0c1f5eb960 6768 flickcurl_1.26-2+deb9u1.debian.tar.xz fe69c19c852
Bug#878508: marked as done (imagemagick: CVE-2017-13758)
Your message dated Sat, 18 Nov 2017 21:03:47 + with message-id and subject line Bug#878508: fixed in imagemagick 8:6.9.7.4+dfsg-11+deb9u3 has caused the Debian Bug report #878508, regarding imagemagick: CVE-2017-13758 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
878508: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878508
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: patch security upstream
Forwarded: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32583

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-13758[0]:
| In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the
| TracePoint() function in MagickCore/draw.c.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-13758
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13758
[1] https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32583

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-11+deb9u3

We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 878...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 10 Nov 2017 20:46:29 +0100
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick
Architecture: source all amd64
Version: 8:6.9.7.4+dfsg-11+deb9u3
Distribution: stretch-security
Urgency: medium
Maintainer: ImageMagick Packaging Team
Changed-By: Moritz Mühlenhoff
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6-common - image manipulation programs -- infrastructure
 imagemagick-6-doc - document files of ImageMagick
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
 imagemagick-common - image manipulation programs -- infrastructure dummy package
 imagemagick-doc - document files of ImageMagick -- dummy package
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
 libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16
 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
 libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI
 libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI)
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-3 - low-level image manipulation library -- quan
Bug#878527: marked as done (imagemagick: CVE-2017-14607)
Your message dated Sat, 18 Nov 2017 21:03:47 + with message-id and subject line Bug#878527: fixed in imagemagick 8:6.9.7.4+dfsg-11+deb9u3 has caused the Debian Bug report #878527, regarding imagemagick: CVE-2017-14607 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
878527: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878527
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/765

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-14607[0]:
| In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to
| ReadTIFFImage has been reported in coders/tiff.c. An attacker could
| possibly exploit this flaw to disclose potentially sensitive memory or
| cause an application crash.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14607
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14607
[1] https://github.com/ImageMagick/ImageMagick/issues/765

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-11+deb9u3

We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 878...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)
Bug#876488: marked as done (imagemagick: CVE-2017-14682: Heap buffer overflow in GetNextToken())
Your message dated Sat, 18 Nov 2017 21:03:47 + with message-id and subject line Bug#876488: fixed in imagemagick 8:6.9.7.4+dfsg-11+deb9u3 has caused the Debian Bug report #876488, regarding imagemagick: CVE-2017-14682: Heap buffer overflow in GetNextToken() to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
876488: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876488
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: grave
Tags: upstream security patch
Forwarded: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32726

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-14682[0]:
| GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote
| attackers to cause a denial of service (heap-based buffer overflow and
| application crash) or possibly have unspecified other impact via a
| crafted SVG document, a different vulnerability than CVE-2017-10928.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14682
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14682
[1] https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32726
[2] https://github.com/ImageMagick/ImageMagick/commit/3bee958ee63eb6ec62834d0c7b28b4b6835e6a00

Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-11+deb9u3

We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 876...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)
Bug#878562: marked as done (imagemagick: CVE-2017-14989)
Your message dated Sat, 18 Nov 2017 21:03:47 + with message-id and subject line Bug#878562: fixed in imagemagick 8:6.9.7.4+dfsg-11+deb9u3 has caused the Debian Bug report #878562, regarding imagemagick: CVE-2017-14989 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
878562: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878562
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: imagemagick
Version: 8:6.8.9.9-1
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/781

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-14989[0]:
| A use-after-free in RenderFreetype in MagickCore/annotate.c in
| ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a
| crafted font file, because the FT_Done_Glyph function (from FreeType 2)
| is called at an incorrect place in the ImageMagick code.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14989
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14989
[1] https://github.com/ImageMagick/ImageMagick/issues/781

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-11+deb9u3

We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 878...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)
Bug#878507: marked as done (imagemagick: CVE-2017-13769)
Your message dated Sat, 18 Nov 2017 21:03:47 + with message-id and subject line Bug#878507: fixed in imagemagick 8:6.9.7.4+dfsg-11+deb9u3 has caused the Debian Bug report #878507, regarding imagemagick: CVE-2017-13769 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
878507: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878507
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/705

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-13769[0]:
| The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick
| through 7.0.6-10 allows an attacker to cause a denial of service
| (buffer over-read) by sending a crafted JPEG file.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-13769
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13769
[1] https://github.com/ImageMagick/ImageMagick/issues/705

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-11+deb9u3

We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.
Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 878...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)
Bug#882088: libicu-le-hb-dev: fails to upgrade from 'sid' - trying to overwrite /usr/lib/x86_64-linux-gnu/pkgconfig/icu-le.pc
Package: libicu-le-hb-dev
Version: 1.0.3+git161113-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from 'sid' to 'experimental'. It installed fine in 'sid', then the upgrade to 'experimental' fails because it tries to overwrite other packages' files without declaring a Breaks+Replaces relation.

See policy 7.6 at https://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces

From the attached log (scroll to the bottom...):

  Unpacking libicu-le-hb-dev:amd64 (1.0.3+git161113-2) ...
  dpkg: error processing archive /tmp/apt-dpkg-install-ayU5Lf/29-libicu-le-hb-dev_1.0.3+git161113-2_amd64.deb (--unpack):
   trying to overwrite '/usr/lib/x86_64-linux-gnu/pkgconfig/icu-le.pc', which is also in package libicu-dev 57.1-8
  Errors were encountered while processing:
   /tmp/apt-dpkg-install-ayU5Lf/29-libicu-le-hb-dev_1.0.3+git161113-2_amd64.deb

cheers,

Andreas

libicu-dev=57.1-8_libicu-le-hb-dev=1.0.3+git161113-2.log.gz
Description: application/gzip
Bug#882089: libdebian-installer FTBFS since glibc 2.25
Source: libdebian-installer
Version: 0.111
Severity: serious
Justification: fails to build from source (but built successfully in the past)
User: helm...@debian.org
Usertags: rebootstrap

| make[5]: Entering directory '/<>/build/src/system'
| /bin/bash ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../../../src/system -I../../../include -I../../ -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -W -Werror -ggdb -Wmissing-declarations -Os -fomit-frame-pointer -c -o devfs.lo ../../../src/system/devfs.c
| libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../../../src/system -I../../../include -I../../ -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -W -Werror -ggdb -Wmissing-declarations -Os -fomit-frame-pointer -c ../../../src/system/devfs.c -fPIC -DPIC -o .libs/devfs.o
| ../../../src/system/devfs.c: In function 'di_system_devfs_map_from':
| ../../../src/system/devfs.c:127:13: error: In the GNU C Library, "major" is defined
| by . For historical compatibility, it is
| currently defined by as well, but we plan to
| remove this soon. To use "major", include
| directly. If you did not intend to use a system-defined macro
| "major", you should undefine it after including . [-Werror]
| if (major (s.st_rdev) == e->major &&
| ^~~~
| ../../../src/system/devfs.c:128:13: error: In the GNU C Library, "minor" is defined
| by . For historical compatibility, it is
| currently defined by as well, but we plan to
| remove this soon. To use "minor", include
| directly. If you did not intend to use a system-defined macro
| "minor", you should undefine it after including . [-Werror]
| ((e->type == ENTRY_TYPE_ONE && minor (s.st_rdev) == e->minor) ||
| ^~~~
| ../../../src/system/devfs.c:129:13: error: In the GNU C Library, "minor" is defined
| by . For historical compatibility, it is
| currently defined by as well, but we plan to
| remove this soon. To use "minor", include
| directly. If you did not intend to use a system-defined macro
| "minor", you should undefine it after including . [-Werror]
| (e->type != ENTRY_TYPE_ONE && minor (s.st_rdev) >= e->minor))) {
| ^
| ../../../src/system/devfs.c:151:13: error: In the GNU C Library, "minor" is defined
| by . For historical compatibility, it is
| currently defined by as well, but we plan to
| remove this soon. To use "minor", include
| directly. If you did not intend to use a system-defined macro
| "minor", you should undefine it after including . [-Werror]
|disc = minor (s.st_rdev) - e->minor + e->entry_first;
| ^~~
| ../../../src/system/devfs.c:159:13: error: In the GNU C Library, "minor" is defined
| by . For historical compatibility, it is
| currently defined by as well, but we plan to
| remove this soon. To use "minor", include
| directly. If you did not intend to use a system-defined macro
| "minor", you should undefine it after including . [-Werror]
|disc = (minor (s.st_rdev) >> e->entry_disc_minor_shift);
| ^~
| ../../../src/system/devfs.c:160:13: error: In the GNU C Library, "minor" is defined
| by . For historical compatibility, it is
| currently defined
Bug#878818: marked as done (ovito: FTBFS - Testsuite fails because executed with python3.5 instead of 3.6)
Your message dated Sat, 18 Nov 2017 21:10:37 + with message-id and subject line Bug#878818: fixed in ovito 2.9.0+dfsg1-3 has caused the Debian Bug report #878818, regarding ovito: FTBFS - Testsuite fails because executed with python3.5 instead of 3.6 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 878818: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878818 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: ovito Version: 2.9.0+dfsg1-2 Severity: serious Tags: patch Justification: FTBFS -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, With the ongoing python3.6 transition ovito is built with both python3.5 and 3.6. The latter being the default. This makes the testsuite fail with: make[1]: Entering directory '/<>/ovito-2.9.0+dfsg1/obj-x86_64-linux-gnu' Running tests... /usr/bin/ctest --force-new-ctest-process -j1 Test project /<>/ovito-2.9.0+dfsg1/obj-x86_64-linux-gnu Start 1: affine_transformation_modifier.py 1/184 Test #1: affine_transformation_modifier.py .. Passed0.39 sec Start 2: affine_transformation_modifier.py_extern 2/184 Test #2: affine_transformation_modifier.py_extern ...***Failed0.13 sec Traceback (most recent call last): File "affine_transformation_modifier.py", line 1, in from ovito.io import * File "/<>/ovito-2.9.0+dfsg1/obj-x86_64-linux-gnu/lib/ovito/plugins/python/ovito/__init__.py", line 17, in import ovito.plugins.PyScript ImportError: Python version mismatch: module was compiled for version 3.6, while the interpreter is running version 3.5. Start 3: ambient_occlusion_modifier.py 3/184 Test #3: ambient_occlusion_modifier.py .. 
Passed0.29 sec Start 4: ambient_occlusion_modifier.py_extern 4/184 Test #4: ambient_occlusion_modifier.py_extern ...***Failed0.13 sec Traceback (most recent call last): File "ambient_occlusion_modifier.py", line 1, in import ovito File "/<>/ovito-2.9.0+dfsg1/obj-x86_64-linux-gnu/lib/ovito/plugins/python/ovito/__init__.py", line 17, in import ovito.plugins.PyScript ImportError: Python version mismatch: module was compiled for version 3.6, while the interpreter is running version 3.5. ... An easy workaround is to tell cmake to use the default python3 interpreter instead of the first one it finds. Patch attached. Thanks, _g. - -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.12.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -Nru ovito-2.9.0+dfsg1/debian/changelog ovito-2.9.0+dfsg1/debian/changelog --- ovito-2.9.0+dfsg1/debian/changelog 2017-08-10 19:44:59.0 +0200 +++ ovito-2.9.0+dfsg1/debian/changelog 2017-10-16 12:24:21.0 +0200 
@@ -1,3 +1,10 @@ +ovito (2.9.0+dfsg1-2.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Force using default Python 3 interpreter + + -- Gilles Filippini Mon, 16 Oct 2017 12:24:21 +0200 + ovito (2.9.0+dfsg1-2) unstable; urgency=medium * [cdb5bde] Fix FTBFS on archs, where char is unsigned. (Closes: #871248) diff -Nru ovito-2.9.0+dfsg1/debian/rules ovito-2.9.0+dfsg1/debian/rules --- ovito-2.9.0+dfsg1/debian/rules 2017-08-06 23:51:10.0 +0200 +++ ovito-2.9.0+dfsg1/debian/rules 2017-10-16 12:24:17.0 +0200 @@ -5,6 +5,7 @@ dh $@ --parallel extra_flags += \ + -DPYTHON_EXECUTABLE=/usr/bin/python3 \ -DOVITO_BUILD_DOCUMENTATION=TRUE \ -DOVITO_BUILD_PLUGIN_SCRIPTING=TRUE \ -DOVITO_BUILD_PLUGIN_NETCDF=TRUE \ --- End Message --- --- Begin Message --- Source: ovito Source-Version: 2.9.0+dfsg1-3 We believe that the bug you reported is fixed in the latest version of ovito, which is due to be installed in the Debian FTP archive. A summary of the changes
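Review bot: the new entry in the debian/changelog hunk ("* Force using default Python 3 interpreter") carries no bug reference, so uploading 2.9.0+dfsg1-2.1 would not close the report this patch was written for. Append "(Closes: #878818)" to that line, in the same way the entry below it references #871248.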
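Review bot: in the debian/rules hunk, "-DPYTHON_EXECUTABLE=/usr/bin/python3 \" is added to extra_flags without a comment saying why the interpreter is pinned. A one-line comment above it, noting that cmake otherwise picks the first interpreter it finds and referencing #878818, would keep the flag from being dropped as unexplained later. It is also worth confirming that the "_extern" tests, the ones failing in the quoted log, are run with this same interpreter.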
Bug#859226: marked as done (m2ext: Please migrate to openssl1.1 in buster)
Your message dated Sat, 18 Nov 2017 21:10:25 + with message-id and subject line Bug#859226: fixed in m2ext 0.1-1.2 has caused the Debian Bug report #859226, regarding m2ext: Please migrate to openssl1.1 in buster to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 859226: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859226 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: m2ext Version: 0.1-1 Severity: serious Control: block 827061 by -1 m2crypto will probably go with libssl1.0 for Stretch and m2ext should use the same library. Sebastian --- End Message --- --- Begin Message --- Source: m2ext Source-Version: 0.1-1.2 We believe that the bug you reported is fixed in the latest version of m2ext, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 859...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Sebastian Andrzej Siewior (supplier of updated m2ext package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 13 Nov 2017 21:31:11 +0100 Source: m2ext Binary: python-m2ext Architecture: source Version: 0.1-1.2 Distribution: unstable Urgency: medium Maintainer: Debian Python Modules Team Changed-By: Sebastian Andrzej Siewior Description: python-m2ext - Extensions to the M2Crypto Python package Closes: 859226 Changes: m2ext (0.1-1.2) unstable; urgency=medium . * Non-maintainer upload. * Switch back to libssl-dev since m2crypto did it, too (Closes: #859226). --- End Message ---
Bug#879952: marked as done (qt3d5-dev-tools: fails to upgrade from 'stable' to 'sid' - trying to overwrite /usr/lib/x86_64-linux-gnu/qt5/bin/qgltf)
Your message dated Sat, 18 Nov 2017 21:11:12 + with message-id and subject line Bug#879952: fixed in qt3d-opensource-src 5.9.2+dfsg-3 has caused the Debian Bug report #879952, regarding qt3d5-dev-tools: fails to upgrade from 'stable' to 'sid' - trying to overwrite /usr/lib/x86_64-linux-gnu/qt5/bin/qgltf to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 879952: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879952 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: qt3d5-dev-tools Version: 5.9.2+dfsg-2 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package fails to upgrade from 'stable'. It installed fine in 'stable', then the upgrade to 'sid' fails because it tries to overwrite other packages' files without declaring a Breaks+Replaces relation. See policy 7.6 at https://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces This test intentionally skipped 'testing' to find file overwrite problems before packages migrate from 'unstable' to 'testing'. From the attached log (scroll to the bottom...): Selecting previously unselected package qt3d5-dev-tools. Preparing to unpack .../qt3d5-dev-tools_5.9.2+dfsg-2_amd64.deb ... Unpacking qt3d5-dev-tools (5.9.2+dfsg-2) ... 
dpkg: error processing archive /var/cache/apt/archives/qt3d5-dev-tools_5.9.2+dfsg-2_amd64.deb (--unpack): trying to overwrite '/usr/lib/x86_64-linux-gnu/qt5/bin/qgltf', which is also in package qt3d-assimpsceneio-plugin:amd64 5.7.1+dfsg-2 Errors were encountered while processing: /var/cache/apt/archives/qt3d5-dev-tools_5.9.2+dfsg-2_amd64.deb cheers, Andreas qt3d-assimpsceneio-plugin=5.7.1+dfsg-2_qt3d5-dev-tools=5.9.2+dfsg-2.log.gz Description: application/gzip --- End Message --- --- Begin Message --- Source: qt3d-opensource-src Source-Version: 5.9.2+dfsg-3 We believe that the bug you reported is fixed in the latest version of qt3d-opensource-src, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 879...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Dmitry Shachnev (supplier of updated qt3d-opensource-src package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 18 Nov 2017 22:43:29 +0300 Source: qt3d-opensource-src Binary: libqt53dcore5 libqt53dquick5 libqt53dquickrender5 libqt53dinput5 libqt53drender5 libqt53dlogic5 libqt53dquickinput5 libqt53dquickextras5 libqt53dextras5 libqt53dquickscene2d5 libqt53danimation5 libqt53dquickanimation5 qt3d5-dev-tools qt3d-gltfsceneio-plugin qt3d-assimpsceneimport-plugin qt3d-defaultgeometryloader-plugin qt3d-scene2d-plugin qml-module-qt3d qml-module-qtquick-scene3d qml-module-qtquick-scene2d qt3d5-dev qt3d5-examples qt3d5-doc qt3d5-doc-html Architecture: source Version: 5.9.2+dfsg-3 Distribution: unstable Urgency: medium Maintainer: Debian Qt/KDE Maintainers Changed-By: Dmitry Shachnev Description: libqt53danimation5 - Qt 3D animation module libqt53dcore5 - Qt 3D module libqt53dextras5 - Qt 3D extras libqt53dinput5 - Qt 3D Input module libqt53dlogic5 - Qt 3D logic module libqt53dquick5 - Qt 3D Quick module libqt53dquickanimation5 - Qt 3D Quick animation module libqt53dquickextras5 - Qt 3D Quick extras libqt53dquickinput5 - Qt 3D Quick input libqt53dquickrender5 - Qt 3D Quick Renderer module libqt53dquickscene2d5 - Qt 3D Quick scene module libqt53drender5 - Qt 3D Renderer module qml-module-qt3d - Qt 5 3D QML module qml-module-qtquick-scene2d - Qt 5 Quick Scene 2D QML module qml-module-qtquick-scene3d - Qt 5 Quick Scene 3D QML module qt3d-assimpsceneimport-plugin - Qt 3D GL Assimp scene import plugin qt3d-defaultgeometryloader-plugin - Qt 3D default geometry loader plugin qt3d-gltfsceneio-plugin - Qt 3D GL Transmission Format scene IO plugin qt3d-scene2d-plugin - Qt 3D Scene 2D plugin qt3d5-dev - Qt 5 3D development files qt3d5-dev-tools - Qt 3D development tools qt3d5-doc 
- Qt 3D documentation qt3d5-doc-html - Qt 3D HTML documentation qt3d5-examples - Qt 5 3d examples Closes: 879952 Changes: qt3d-opensource-src (5.9.2+dfsg-3) unstable; urgency=med
Bug#864818: marked as done (python-tablib: CVE-2017-2810)
Your message dated Sat, 18 Nov 2017 21:32:11 + with message-id and subject line Bug#864818: fixed in python-tablib 0.9.11-2+deb9u1 has caused the Debian Bug report #864818, regarding python-tablib: CVE-2017-2810 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 864818: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864818 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: python-tablib Version: 0.9.11-2 Severity: grave Tags: upstream patch security Justification: user security hole Hi, the following vulnerability was published for python-tablib. CVE-2017-2810[0]: | An exploitable vulnerability exists in the Databook loading | functionality of Tablib 0.11.4. A yaml loaded Databook can execute | arbitrary python commands resulting in command execution. An attacker | can insert python into loaded yaml to trigger this vulnerability. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-2810 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2810 [1] https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0307 [2] https://github.com/kennethreitz/tablib/commit/69abfc3ada5d754cb152119c0b4777043657cb6e For stretch and jessie, we quickly discussed that on IRC, and given there are no reverse dependencies and low popcon/usage, we suggest having the fix go via a future point release, can you contact the release team for that? 
Regards, Salvatore --- End Message --- --- Begin Message --- Source: python-tablib Source-Version: 0.9.11-2+deb9u1 We believe that the bug you reported is fixed in the latest version of python-tablib, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 864...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thomas Goirand (supplier of updated python-tablib package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 24 Oct 2017 21:15:19 +0200 Source: python-tablib Binary: python-tablib Architecture: source all Version: 0.9.11-2+deb9u1 Distribution: stretch Urgency: low Maintainer: PKG OpenStack Changed-By: Thomas Goirand Description: python-tablib - format agnostic tabular dataset library Closes: 864818 Changes: python-tablib (0.9.11-2+deb9u1) stretch; urgency=low . * CVE-2017-2810: apply upstream patch: use safe load (Closes: #864818). 
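The changelog entry above names the fix for CVE-2017-2810 as "use safe load". The following is an added example, not tablib's or Debian's patch, showing what that change means for a YAML-encoded databook: the full loader honours `python/*` tags, while `yaml.safe_load` refuses them. It assumes PyYAML is installed; the `title`/`data` sheet layout, the function names and both sample documents are constructed for illustration, and the tagged document only calls the harmless builtin `len`.

```python
import yaml  # PyYAML (assumed to be installed)

# Constructed sample: a databook holding one sheet of plain scalar data.
PLAIN_BOOK = """
- title: hosts
  data:
    - name: alpha
      port: 22
    - name: beta
      port: 443
"""

# Constructed sample with the same shape, but one cell carries a python/* tag.
# The callable is the harmless builtin len(); the point is that the document,
# not the application, decides which callable the loader invokes.
TAGGED_BOOK = """
- title: hosts
  data:
    - name: alpha
      port: !!python/object/apply:builtins.len ["abcd"]
"""

SCALARS = (str, int, float, bool, type(None))


class UntrustedYAMLError(ValueError):
    """The document needs more than plain data types, or has the wrong shape."""


def load_databook_unsafe(text):
    """Behaviour the CVE text describes: python/* tags are constructed."""
    return yaml.load(text, Loader=yaml.Loader)


def load_databook_safe(text):
    """Hardened form: safe_load plus a shape check on the result."""
    try:
        book = yaml.safe_load(text)
    except yaml.constructor.ConstructorError as exc:
        # safe_load has no constructor for python/* tags and raises here.
        raise UntrustedYAMLError("rejected tag: %s" % exc.problem) from exc
    except yaml.YAMLError as exc:
        raise UntrustedYAMLError("not valid YAML: %s" % exc) from exc

    if not isinstance(book, list):
        raise UntrustedYAMLError("a databook must be a list of sheets")
    for sheet in book:
        if not isinstance(sheet, dict):
            raise UntrustedYAMLError("each sheet must be a mapping")
        if not isinstance(sheet.get("title"), str):
            raise UntrustedYAMLError("sheet title must be a string")
        rows = sheet.get("data")
        if not isinstance(rows, list):
            raise UntrustedYAMLError("sheet data must be a list of rows")
        for row in rows:
            if not isinstance(row, dict):
                raise UntrustedYAMLError("each row must be a mapping")
            for value in row.values():
                if not isinstance(value, SCALARS):
                    raise UntrustedYAMLError("cells must be plain scalars")
    return book


if __name__ == "__main__":
    print("plain, safe loader:   ", load_databook_safe(PLAIN_BOOK))
    print("tagged, unsafe loader:", load_databook_unsafe(TAGGED_BOOK))
    try:
        load_databook_safe(TAGGED_BOOK)
    except UntrustedYAMLError as err:
        print("tagged, safe loader:  ", err)
```

When auditing other code for the same class of bug, any call to `yaml.load` on untrusted input without an explicit safe loader is the pattern to look for.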
Bug#882095: python-pyrax FTBFS: test failures
Source: python-pyrax Version: 1.9.8-1 Severity: serious Some recent change in unstable makes python-pyrax FTBFS: https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/python-pyrax.html ... == ERROR: tests.unit.test_autoscale (unittest.loader.ModuleImportFailure) -- ImportError: Failed to import test module: tests.unit.test_autoscale Traceback (most recent call last): File "/usr/lib/python2.7/unittest/loader.py", line 254, in _find_tests module = self._get_module_from_name(name) File "/usr/lib/python2.7/unittest/loader.py", line 232, in _get_module_from_name __import__(name) File "tests/unit/test_autoscale.py", line 10, in import pyrax File "pyrax/__init__.py", line 58, in from novaclient import auth_plugin as _cs_auth_plugin ImportError: cannot import name auth_plugin == ERROR: tests.unit.test_client (unittest.loader.ModuleImportFailure) -- ImportError: Failed to import test module: tests.unit.test_client Traceback (most recent call last): File "/usr/lib/python2.7/unittest/loader.py", line 254, in _find_tests module = self._get_module_from_name(name) File "/usr/lib/python2.7/unittest/loader.py", line 232, in _get_module_from_name __import__(name) File "tests/unit/test_client.py", line 16, in import pyrax File "pyrax/__init__.py", line 52, in from . import exceptions as exc ImportError: cannot import name exceptions == ERROR: tests.unit.test_cloud_blockstorage (unittest.loader.ModuleImportFailure) -- ImportError: Failed to import test module: tests.unit.test_cloud_blockstorage Traceback (most recent call last): File "/usr/lib/python2.7/unittest/loader.py", line 254, in _find_tests module = self._get_module_from_name(name) File "/usr/lib/python2.7/unittest/loader.py", line 232, in _get_module_from_name __import__(name) File "tests/unit/test_cloud_blockstorage.py", line 10, in import pyrax.cloudblockstorage File "pyrax/__init__.py", line 52, in from . 
import exceptions as exc ImportError: cannot import name exceptions == ERROR: tests.unit.test_cloud_cdn (unittest.loader.ModuleImportFailure) -- ImportError: Failed to import test module: tests.unit.test_cloud_cdn Traceback (most recent call last): File "/usr/lib/python2.7/unittest/loader.py", line 254, in _find_tests module = self._get_module_from_name(name) File "/usr/lib/python2.7/unittest/loader.py", line 232, in _get_module_from_name __import__(name) File "tests/unit/test_cloud_cdn.py", line 5, in from pyrax.cloudcdn import CloudCDNClient File "pyrax/__init__.py", line 52, in from . import exceptions as exc ImportError: cannot import name exceptions == ERROR: tests.unit.test_cloud_databases (unittest.loader.ModuleImportFailure) -- ImportError: Failed to import test module: tests.unit.test_cloud_databases Traceback (most recent call last): File "/usr/lib/python2.7/unittest/loader.py", line 254, in _find_tests module = self._get_module_from_name(name) File "/usr/lib/python2.7/unittest/loader.py", line 232, in _get_module_from_name __import__(name) File "tests/unit/test_cloud_databases.py", line 9, in from pyrax.clouddatabases import CloudDatabaseBackupManager File "pyrax/__init__.py", line 52, in from . import exceptions as exc ImportError: cannot import name exceptions == ERROR: tests.unit.test_cloud_dns (unittest.loader.ModuleImportFailure) -- ImportError: Failed to import test module: tests.unit.test_cloud_dns Traceback (most recent call last): File "/usr/lib/python2.7/unittest/loader.py", line 254, in _find_tests module = self._get_module_from_name(name) File "/usr/lib/python2.7/unittest/loader.py", line 232, in _get_module_from_name __import__(name) File "tests/unit/test_cloud_dns.py", line 12, in import pyrax File "pyrax/__init__.py", line 52, in from . import exceptions as exc ImportError: cannot import name exceptions == ERROR: tests.unit.test_cloud_loadbalancers (unittest.loader.ModuleImportFailure) -- ImportError: Failed to impor
Bug#868469: marked as done (imagemagick: CVE-2017-11352 (Incomplete fix for CVE-2017-9144))
Your message dated Sat, 18 Nov 2017 22:18:45 + with message-id and subject line Bug#868469: fixed in imagemagick 8:6.8.9.9-5+deb8u11 has caused the Debian Bug report #868469, regarding imagemagick: CVE-2017-11352 (Incomplete fix for CVE-2017-9144) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 868469: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868469 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: serious Tags: upstream patch security Justification: incomplete fix for previous security fix Forwarded: https://github.com/ImageMagick/ImageMagick/issues/502 Control: fixed -1 8:6.9.7.4+dfsg-12 Control: found -1 8:6.9.7.4+dfsg-9 Control: found -1 8:6.8.9.9-5+deb8u9 As noted in the upstream bug [1] the original fix for CVE-2017-9144 was incomplete. [1] https://github.com/ImageMagick/ImageMagick/issues/502 As the incomplete fix has security implications itself (DoS at least?) this might warrant a new CVE id. Regards, Salvatore --- End Message --- --- Begin Message --- Source: imagemagick Source-Version: 8:6.8.9.9-5+deb8u11 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 868...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Moritz Muehlenhoff (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 16 Nov 2017 23:13:59 +0100 Source: imagemagick Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev Architecture: source all amd64 Version: 8:6.8.9.9-5+deb8u11 Distribution: jessie-security Urgency: medium Maintainer: ImageMagick Packaging Team Changed-By: Moritz Muehlenhoff Description: imagemagick - image manipulation programs -- binaries imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-common - image manipulation programs -- infrastructure imagemagick-dbg - debugging symbols for ImageMagick imagemagick-doc - document files of ImageMagick libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - development files libmagick++-dev - object-oriented C++ interface to ImageMagick libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header files libmagickcore-6.q16-2 - low-level image manipulation 
library -- quantum depth Q16 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16) libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16) libmagickcore-dev - low-level image manipulation library -- transition package libmagickwand-6-headers - image manipulation library - headers files libmagickwand-6.q16-2 - image manipulation library libmagickwand-6.q16-dev - image manipulation library - development files libmagickwand-dev - image manipulation library - transition for development files perlmagick - Perl interface to ImageMagick -- transition package Closes: 868469 869715 869728 870067 870106 870109 872373 873099 873134 876097 876488 878507 878508 878527 878562 878578 881392 Changes: imagemagick (8:6.8.9.9-5+deb8u11) jessie-security; urgency=medium . * Multiple security fixes CVE-2017-12983 (Closes: #873134) CVE-2017-13134 (Closes: #873099) CVE-2
Bug#872373: marked as done (CVE-2017-12877)
Your message dated Sat, 18 Nov 2017 22:18:45 + with message-id and subject line Bug#872373: fixed in imagemagick 8:6.8.9.9-5+deb8u11 has caused the Debian Bug report #872373, regarding CVE-2017-12877 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 872373: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872373 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: imagemagick Version: 8:6.9.7.4+dfsg-16 Severity: grave Tags: security This was assigned CVE-2017-12877: https://github.com/ImageMagick/ImageMagick/issues/662 https://github.com/ImageMagick/ImageMagick/commit/98dda239ec398dd56453460849b4c9057fc424e5 Cheers, Moritz --- End Message --- --- Begin Message --- Source: imagemagick Source-Version: 8:6.8.9.9-5+deb8u11 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 872...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Moritz Muehlenhoff (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 16 Nov 2017 23:13:59 +0100 Source: imagemagick Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev Architecture: source all amd64 Version: 8:6.8.9.9-5+deb8u11 Distribution: jessie-security Urgency: medium Maintainer: ImageMagick Packaging Team Changed-By: Moritz Muehlenhoff Description: imagemagick - image manipulation programs -- binaries imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-common - image manipulation programs -- infrastructure imagemagick-dbg - debugging symbols for ImageMagick imagemagick-doc - document files of ImageMagick libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - development files libmagick++-dev - object-oriented C++ interface to ImageMagick libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header files libmagickcore-6.q16-2 - low-level image manipulation 
library -- quantum depth Q16 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16) libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16) libmagickcore-dev - low-level image manipulation library -- transition package libmagickwand-6-headers - image manipulation library - headers files libmagickwand-6.q16-2 - image manipulation library libmagickwand-6.q16-dev - image manipulation library - development files libmagickwand-dev - image manipulation library - transition for development files perlmagick - Perl interface to ImageMagick -- transition package Closes: 868469 869715 869728 870067 870106 870109 872373 873099 873134 876097 876488 878507 878508 878527 878562 878578 881392 Changes: imagemagick (8:6.8.9.9-5+deb8u11) jessie-security; urgency=medium . * Multiple security fixes CVE-2017-12983 (Closes: #873134) CVE-2017-13134 (Closes: #873099) CVE-2017-13769 (Closes: #878507) CVE-2017-14224 (Closes: #876097) CVE-2017-14607 (Closes: #878527) CVE-2017-14682 (Closes: #876488) CVE-2017-14989 (Closes: #878562) CVE-2017-15277 (Closes: #878578) CVE-2017-11352 (Closes: #868469) CVE-2017-11640 (Closes: #870067) CVE-2017-12431 (Closes: #869715) CVE-2017-12640 (Closes
Bug#873099: marked as done (imagemagick: CVE-2017-13134)
Your message dated Sat, 18 Nov 2017 22:18:45 + with message-id and subject line Bug#873099: fixed in imagemagick 8:6.8.9.9-5+deb8u11 has caused the Debian Bug report #873099, regarding imagemagick: CVE-2017-13134 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 873099: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873099 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: security patch upstream Forwarded: https://github.com/ImageMagick/ImageMagick/issues/670 Hi, the following vulnerability was published for imagemagick. CVE-2017-13134[0]: | In ImageMagick 7.0.6-6, a heap-based buffer over-read was found in the | function SFWScan in coders/sfw.c, which allows attackers to cause a | denial of service via a crafted file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-13134 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13134 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: imagemagick Source-Version: 8:6.8.9.9-5+deb8u11 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. 
If you have further comments please address them to 873...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Moritz Muehlenhoff (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)
Bug#870848: marked as done (jackson-databind: CVE-2017-7525: Deserialization vulnerability via readValue method of ObjectMapper)
Your message dated Sat, 18 Nov 2017 22:19:00 + with message-id and subject line Bug#870848: fixed in jackson-databind 2.4.2-2+deb8u1 has caused the Debian Bug report #870848, regarding jackson-databind: CVE-2017-7525: Deserialization vulnerability via readValue method of ObjectMapper to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 870848: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870848 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: jackson-databind Version: 2.8.6-1 Severity: grave Tags: security upstream Forwarded: https://github.com/FasterXML/jackson-databind/issues/1599 Hi, the following vulnerability was published for jackson-databind. CVE-2017-7525[0]: Deserialization vulnerability via readValue method of ObjectMapper If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. Upstream tracking is at [2]. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-7525 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525 [1] https://github.com/FasterXML/jackson-databind/issues/1599 [2] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7525 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: jackson-databind Source-Version: 2.4.2-2+deb8u1 We believe that the bug you reported is fixed in the latest version of jackson-databind, which is due to be installed in the Debian FTP archive. 
A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 870...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany (supplier of updated jackson-databind package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 19 Oct 2017 01:44:42 +0200 Source: jackson-databind Binary: libjackson2-databind-java libjackson2-databind-java-doc Architecture: source all Version: 2.4.2-2+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Description: libjackson2-databind-java - fast and powerful JSON library for Java -- data binding libjackson2-databind-java-doc - Documentation for jackson-databind Closes: 870848 Changes: jackson-databind (2.4.2-2+deb8u1) jessie-security; urgency=high . * Team upload. * Fix CVE-2017-7525: Deserialization vulnerability via readValue method of ObjectMapper. 
(Closes: #870848)
Bug#876097: marked as done (imagemagick: CVE-2017-14224: Heap buffer overflow in WritePCXImage)
Your message dated Sat, 18 Nov 2017 22:18:45 + with message-id and subject line Bug#876097: fixed in imagemagick 8:6.8.9.9-5+deb8u11 has caused the Debian Bug report #876097, regarding imagemagick: CVE-2017-14224: Heap buffer overflow in WritePCXImage to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 876097: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876097 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: upstream security patch Forwarded: https://github.com/ImageMagick/ImageMagick/issues/733 Hi, the following vulnerability was published for imagemagick. CVE-2017-14224[0]: | A heap-based buffer overflow in WritePCXImage in coders/pcx.c in | ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of | service or code execution via a crafted file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-14224 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14224 [1] https://github.com/ImageMagick/ImageMagick/issues/733 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: imagemagick Source-Version: 8:6.8.9.9-5+deb8u11 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. 
A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 876...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Moritz Muehlenhoff (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)
Bug#873134: marked as done (imagemagick: CVE-2017-12983)
Your message dated Sat, 18 Nov 2017 22:18:45 + with message-id and subject line Bug#873134: fixed in imagemagick 8:6.8.9.9-5+deb8u11 has caused the Debian Bug report #873134, regarding imagemagick: CVE-2017-12983 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 873134: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873134 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: security patch upstream Forwarded: https://github.com/ImageMagick/ImageMagick/issues/682 Hi, the following vulnerability was published for imagemagick. CVE-2017-12983[0]: | Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c | in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of | service (application crash) or possibly have unspecified other impact | via a crafted file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-12983 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12983 [1] https://github.com/ImageMagick/ImageMagick/issues/682 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: imagemagick Source-Version: 8:6.8.9.9-5+deb8u11 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. 
A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 873...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Moritz Muehlenhoff (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)
Bug#869728: marked as done (imagemagick: CVE-2017-13144)
Your message dated Sat, 18 Nov 2017 22:18:45 + with message-id and subject line Bug#869728: fixed in imagemagick 8:6.8.9.9-5+deb8u11 has caused the Debian Bug report #869728, regarding imagemagick: CVE-2017-13144 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 869728: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869728 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: src:imagemagick Version: 8:6.9.7.4+dfsg-12 Severity: serious Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb7u4 forwarded: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438 Avoid a crash for mpc coder --- End Message --- --- Begin Message --- Source: imagemagick Source-Version: 8:6.8.9.9-5+deb8u11 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 869...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Moritz Muehlenhoff (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)
Bug#876488: marked as done (imagemagick: CVE-2017-14682: Heap buffer overflow in GetNextToken())
Your message dated Sat, 18 Nov 2017 22:18:45 + with message-id and subject line Bug#876488: fixed in imagemagick 8:6.8.9.9-5+deb8u11 has caused the Debian Bug report #876488, regarding imagemagick: CVE-2017-14682: Heap buffer overflow in GetNextToken() to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 876488: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876488 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: grave Tags: upstream security patch Forwarded: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32726 Hi, the following vulnerability was published for imagemagick. CVE-2017-14682[0]: | GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote | attackers to cause a denial of service (heap-based buffer overflow and | application crash) or possibly have unspecified other impact via a | crafted SVG document, a different vulnerability than CVE-2017-10928. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-14682 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14682 [1] https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32726 [2] https://github.com/ImageMagick/ImageMagick/commit/3bee958ee63eb6ec62834d0c7b28b4b6835e6a00 Please adjust the affected versions in the BTS as needed. 
Regards, Salvatore --- End Message --- --- Begin Message --- Source: imagemagick Source-Version: 8:6.8.9.9-5+deb8u11 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 876...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Moritz Muehlenhoff (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)
Processed: tagging 872195
Processing commands for cont...@bugs.debian.org: > tags 872195 + confirmed Bug #872195 [tircd] tircd: fails to install: chown: cannot access '/var/lib/tircd': No such file or directory Added tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 872195: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872195 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#878527: marked as done (imagemagick: CVE-2017-14607)
Your message dated Sat, 18 Nov 2017 22:18:45 + with message-id and subject line Bug#878527: fixed in imagemagick 8:6.8.9.9-5+deb8u11 has caused the Debian Bug report #878527, regarding imagemagick: CVE-2017-14607 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 878527: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878527 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: patch security upstream Forwarded: https://github.com/ImageMagick/ImageMagick/issues/765 Hi, the following vulnerability was published for imagemagick. CVE-2017-14607[0]: | In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to | ReadTIFFImage has been reported in coders/tiff.c. An attacker could | possibly exploit this flaw to disclose potentially sensitive memory or | cause an application crash. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-14607 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14607 [1] https://github.com/ImageMagick/ImageMagick/issues/765 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: imagemagick Source-Version: 8:6.8.9.9-5+deb8u11 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. 
A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 878...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Moritz Muehlenhoff (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 16 Nov 2017 23:13:59 +0100 Source: imagemagick Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev Architecture: source all amd64 Version: 8:6.8.9.9-5+deb8u11 Distribution: jessie-security Urgency: medium Maintainer: ImageMagick Packaging Team Changed-By: Moritz Muehlenhoff Description: imagemagick - image manipulation programs -- binaries imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-common - image manipulation programs -- infrastructure imagemagick-dbg - debugging symbols for ImageMagick imagemagick-doc - document files of ImageMagick libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick libmagick++-6.q16-dev - object-oriented C++ interface to 
ImageMagick - development files libmagick++-dev - object-oriented C++ interface to ImageMagick libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header files libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth Q16 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16) libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16) libmagickcore-dev - low-level image manipulation library -- transition package libmagickwand-6-headers - image manipulation library - headers files libmagickwand-6.q16-2 - image manipulation library libmagickwand-6.q16-dev - image manipulation library - development files libmagickwand-dev - image manipulation library - transition for development files perlmagick - Perl interface to ImageMagick -- transition package Closes: 868469 869715 869728 8
Bug#878508: marked as done (imagemagick: CVE-2017-13758)
Your message dated Sat, 18 Nov 2017 22:18:45 + with message-id and subject line Bug#878508: fixed in imagemagick 8:6.8.9.9-5+deb8u11 has caused the Debian Bug report #878508, regarding imagemagick: CVE-2017-13758 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 878508: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878508 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: patch security upstream Forwarded: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32583 Hi, the following vulnerability was published for imagemagick. CVE-2017-13758[0]: | In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the | TracePoint() function in MagickCore/draw.c. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-13758 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13758 [1] https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32583 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: imagemagick Source-Version: 8:6.8.9.9-5+deb8u11 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. 
If you have further comments please address them to 878...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Moritz Muehlenhoff (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 16 Nov 2017 23:13:59 +0100 Source: imagemagick Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev Architecture: source all amd64 Version: 8:6.8.9.9-5+deb8u11 Distribution: jessie-security Urgency: medium Maintainer: ImageMagick Packaging Team Changed-By: Moritz Muehlenhoff Description: imagemagick - image manipulation programs -- binaries imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-common - image manipulation programs -- infrastructure imagemagick-dbg - debugging symbols for ImageMagick imagemagick-doc - document files of ImageMagick libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - development files libmagick++-dev - object-oriented C++ interface to ImageMagick libmagickcore-6-arch-config - low-level 
image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header files libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth Q16 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16) libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16) libmagickcore-dev - low-level image manipulation library -- transition package libmagickwand-6-headers - image manipulation library - headers files libmagickwand-6.q16-2 - image manipulation library libmagickwand-6.q16-dev - image manipulation library - development files libmagickwand-dev - image manipulation library - transition for development files perlmagick - Perl interface to ImageMagick -- transition package Closes: 868469 869715 869728 870067 870106 870109 872373 873099 873134 876097 876488 878507 878508 878527 878562 8785
Bug#878562: marked as done (imagemagick: CVE-2017-14989)
Your message dated Sat, 18 Nov 2017 22:18:45 + with message-id and subject line Bug#878562: fixed in imagemagick 8:6.8.9.9-5+deb8u11 has caused the Debian Bug report #878562, regarding imagemagick: CVE-2017-14989 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 878562: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878562 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: imagemagick Version: 8:6.8.9.9-1 Severity: important Tags: patch security upstream Forwarded: https://github.com/ImageMagick/ImageMagick/issues/781 Hi, the following vulnerability was published for imagemagick. CVE-2017-14989[0]: | A use-after-free in RenderFreetype in MagickCore/annotate.c in | ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a | crafted font file, because the FT_Done_Glyph function (from FreeType 2) | is called at an incorrect place in the ImageMagick code. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-14989 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14989 [1] https://github.com/ImageMagick/ImageMagick/issues/781 Regards, Salvatore --- End Message --- --- Begin Message --- Source: imagemagick Source-Version: 8:6.8.9.9-5+deb8u11 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. 
Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 878...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Moritz Muehlenhoff (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 16 Nov 2017 23:13:59 +0100 Source: imagemagick Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev Architecture: source all amd64 Version: 8:6.8.9.9-5+deb8u11 Distribution: jessie-security Urgency: medium Maintainer: ImageMagick Packaging Team Changed-By: Moritz Muehlenhoff Description: imagemagick - image manipulation programs -- binaries imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-common - image manipulation programs -- infrastructure imagemagick-dbg - debugging symbols for ImageMagick imagemagick-doc - document files of ImageMagick libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - development files libmagick++-dev - object-oriented C++ interface 
to ImageMagick libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header files libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth Q16 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16) libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16) libmagickcore-dev - low-level image manipulation library -- transition package libmagickwand-6-headers - image manipulation library - headers files libmagickwand-6.q16-2 - image manipulation library libmagickwand-6.q16-dev - image manipulation library - development files libmagickwand-dev - image manipulation library - transition for development files perlmagick - Perl interface to ImageMagick -- transition package Closes: 868469 869715 869728 870067 870106 870109 872373 873099
Bug#878578: marked as done (imagemagick: CVE-2017-15277)
Your message dated Sat, 18 Nov 2017 22:18:46 + with message-id and subject line Bug#878578: fixed in imagemagick 8:6.8.9.9-5+deb8u11 has caused the Debian Bug report #878578, regarding imagemagick: CVE-2017-15277 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 878578: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878578 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: imagemagick Version: 8:6.9.7.4+dfsg-11 Severity: important Tags: patch security upstream Forwarded: https://github.com/ImageMagick/ImageMagick/issues/592 Hi, the following vulnerability was published for imagemagick. CVE-2017-15277[0]: | ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick | 1.3.26 leaves the palette uninitialized when processing a GIF file that | has neither a global nor local palette. If the affected product is used | as a library loaded into a process that operates on interesting data, | this data sometimes can be leaked via the uninitialized palette. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-15277 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15277 [1] https://github.com/ImageMagick/ImageMagick/issues/592 Please adjust the affected versions in the BTS as needed. 
Regards, Salvatore --- End Message --- --- Begin Message --- Source: imagemagick Source-Version: 8:6.8.9.9-5+deb8u11 We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 878...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Moritz Muehlenhoff (supplier of updated imagemagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 16 Nov 2017 23:13:59 +0100 Source: imagemagick Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev Architecture: source all amd64 Version: 8:6.8.9.9-5+deb8u11 Distribution: jessie-security Urgency: medium Maintainer: ImageMagick Packaging Team Changed-By: Moritz Muehlenhoff Description: imagemagick - image manipulation programs -- binaries imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-common - image manipulation programs -- infrastructure imagemagick-dbg - debugging symbols for ImageMagick imagemagick-doc - document files of ImageMagick libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to 
the ImageMagick graphics routines -- Q16 versio libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - development files libmagick++-dev - object-oriented C++ interface to ImageMagick libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header files libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth Q16 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16) libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16) libmagickcore-dev - low-level image manipulation library -- transition package libmagickwand-6-headers - image manipulation library - headers files libmagickwand-6.q16-2 - image manipulation library libmagickwand-6.q16-dev - image manipulation library - development files libmagickwand-dev - image manipulation library - transition
Bug#880116: marked as done (CVE-2017-15953 / CVE-2017-15954 / CVE-2017-15955)
Your message dated Sat, 18 Nov 2017 22:17:26 + with message-id and subject line Bug#880116: fixed in bchunk 1.2.0-12+deb8u1 has caused the Debian Bug report #880116, regarding CVE-2017-15953 / CVE-2017-15954 / CVE-2017-15955 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 880116: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: bchunk Severity: grave Tags: security Please see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953 Cheers, Moritz --- End Message --- --- Begin Message --- Source: bchunk Source-Version: 1.2.0-12+deb8u1 We believe that the bug you reported is fixed in the latest version of bchunk, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 880...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Markus Koschany (supplier of updated bchunk package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 08 Nov 2017 19:41:33 +0100 Source: bchunk Binary: bchunk Architecture: source amd64 Version: 1.2.0-12+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Praveen Arimbrathodiyil Changed-By: Markus Koschany Description: bchunk - CD image format conversion from bin/cue to iso/cdr Closes: 880116 Changes: bchunk (1.2.0-12+deb8u1) jessie-security; urgency=high . * Non-maintainer upload. * Fix CVE-2017-15953, CVE-2017-15954 and CVE-2017-15955. bchunk was vulnerable to a heap-based buffer overflow with an resultant invalid free when processing a malformed CUE (.cue) file that may lead to the execution of arbitrary code or a application crash. (Closes: #880116) --- End Message ---
Bug#879521: marked as done (irssi: multiple vulnerabilities fixed in irssi 1.0.5)
Your message dated Sat, 18 Nov 2017 22:18:55 + with message-id and subject line Bug#879521: fixed in irssi 0.8.17-1+deb8u5 has caused the Debian Bug report #879521, regarding irssi: multiple vulnerabilities fixed in irssi 1.0.5 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 879521: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879521 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: irssi Severity: grave Tags: security Justification: user security hole Hi, irssi 1.0.5 has been released, fixing multiple vulnerabilities (a) When installing themes with unterminated colour formatting sequences, Irssi may access data beyond the end of the string. (CWE-126) Found by Hanno Böck. CVE-2017-15228 was assigned to this issue. (b) While waiting for the channel synchronisation, Irssi may incorrectly fail to remove destroyed channels from the query list, resulting in use after free conditions when updating the state later on. Found by Joseph Bisch. (CWE-416 caused by CWE-672) CVE-2017-15227 was assigned to this issue. (c) Certain incorrectly formatted DCC CTCP messages could cause NULL pointer dereference. Found by Joseph Bisch. This is a separate, but similar issue to CVE-2017-9468. (CWE-690) CVE-2017-15721 was assigned to this issue. (d) Overlong nicks or targets may result in a NULL pointer dereference while splitting the message. Found by Joseph Bisch. (CWE-690) CVE-2017-15723 was assigned to this issue. (e) In certain cases Irssi may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string. 
Found by Joseph Bisch. (CWE-126) CVE-2017-15722 was assigned to this issue. Can you prepare updates for sid, stretch and jessie (please coordinate with security team at t...@security.debian.org for the latter two)? Please add CVE numbers to the changelog so we can track them easily. Regards, -- Yves-Alexis Debian security team -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (450, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), LANGUAGE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) --- End Message --- --- Begin Message --- Source: irssi Source-Version: 0.8.17-1+deb8u5 We believe that the bug you reported is fixed in the latest version of irssi, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 879...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Salvatore Bonaccorso (supplier of updated irssi package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 01 Nov 2017 22:57:01 +0100 Source: irssi Binary: irssi irssi-dbg irssi-dev Architecture: source Version: 0.8.17-1+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Rhonda D'Vine Changed-By: Salvatore Bonaccorso Closes: 867598 879521 Description: irssi - terminal based IRC client irssi-dbg - terminal based IRC client (debugging symbols) irssi-dev - terminal based IRC client - development files Changes: irssi (0.8.17-1+deb8u5) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Address IRSSI-SA-2017-07. - CVE-2017-10965: NULL pointer dereference when receiving messages with invalid timestamp. - CVE-2017-10966: Use after free after nicklist structure has been corrupted while updating a nick group. (Closes: #867598) * Address IRSSI-SA-2017-10. - CVE-2017-15228: Unterminated colour formatting sequences may cause data access beyond the end of the buffer. - CVE-2017-15227: Failure to remove destroyed channels from the query list while waiting for the channel synchronisation may result in use after free conditions when updating the state later on. - CVE-2017-15721: Certain incorrectly formatted DCC CTCP messages
Bug#879001: marked as done (CVE-2017-12197: libpam4j: Account check bypass)
Your message dated Sat, 18 Nov 2017 22:19:23 + with message-id and subject line Bug#879001: fixed in libpam4j 1.4-2+deb8u1 has caused the Debian Bug report #879001, regarding CVE-2017-12197: libpam4j: Account check bypass to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 879001: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879001 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libpam4j Version: 1.4-2 Severity: grave Tags: security Hi, the following vulnerability was published for libpam4j. CVE-2017-12197[0]: libpam4j: Account check bypass PAM.authentication() does not call pam_acct_mgmt(). As a consequence, the PAM account is not properly verified. Any user with a valid password but with deactivated or disabled account is able to log in. https://bugzilla.redhat.com/show_bug.cgi?id=1503103 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-12197 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12197 Please adjust the affected versions in the BTS as needed. -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: https://www.freexian.com/services/debian-lts.html Learn to master Debian: https://debian-handbook.info/get/ --- End Message --- --- Begin Message --- Source: libpam4j Source-Version: 1.4-2+deb8u1 We believe that the bug you reported is fixed in the latest version of libpam4j, which is due to be installed in the Debian FTP archive. 
A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 879...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany (supplier of updated libpam4j package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 07 Nov 2017 13:40:55 +0100 Source: libpam4j Binary: libpam4j-java libpam4j-java-doc Architecture: source all Version: 1.4-2+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Description: libpam4j-java - Java binding for libpam.so libpam4j-java-doc - Documentation for Java binding for libpam.so Closes: 879001 Changes: libpam4j (1.4-2+deb8u1) jessie-security; urgency=high . * Team upload. * Fix CVE-2017-12197 (Closes: #879001): It was discovered that libpam4j does not call pam_acct_mgmt(). As a consequence, the PAM account is not properly verified. Any user with a valid password but with deactivated or disabled account was able to log in. 
Bug#878507: marked as done (imagemagick: CVE-2017-13769)
Your message dated Sat, 18 Nov 2017 22:18:45 + with message-id and subject line Bug#878507: fixed in imagemagick 8:6.8.9.9-5+deb8u11 has caused the Debian Bug report #878507, regarding imagemagick: CVE-2017-13769 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
878507: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878507
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/705

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-13769[0]:
| The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick
| through 7.0.6-10 allows an attacker to cause a denial of service
| (buffer over-read) by sending a crafted JPEG file.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-13769
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13769
[1] https://github.com/ImageMagick/ImageMagick/issues/705

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---

--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.8.9.9-5+deb8u11

We believe that the bug you reported is fixed in the latest version of imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.
Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 878...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 16 Nov 2017 23:13:59 +0100
Source: imagemagick
Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev
Architecture: source all amd64
Version: 8:6.8.9.9-5+deb8u11
Distribution: jessie-security
Urgency: medium
Maintainer: ImageMagick Packaging Team
Changed-By: Moritz Muehlenhoff
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick
 libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - development files
 libmagick++-dev - object-oriented C++ interface to ImageMagick
 libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth Q16
 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
 libmagickcore-dev - low-level image manipulation library -- transition package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-2 - image manipulation library
 libmagickwand-6.q16-dev - image manipulation library - development files
 libmagickwand-dev - image manipulation library - transition for development files
 perlmagick - Perl interface to ImageMagick -- transition package
Closes: 868469 869715 869728 870067 870106 870109 872373 873099 873134 876097
Bug#879474: marked as done (quagga-bgpd: CVE-2017-16227: BGP session termination due to rather long AS paths in update messages)
Your message dated Sat, 18 Nov 2017 22:21:36 + with message-id and subject line Bug#879474: fixed in quagga 0.99.23.1-1+deb8u4 has caused the Debian Bug report #879474, regarding quagga-bgpd: CVE-2017-16227: BGP session termination due to rather long AS paths in update messages to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
879474: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879474
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: quagga-bgpd
Version: 1.1.1-3
Severity: important
Tags: security upstream

Dear Maintainer,

there is a longstanding bug in quagga where certain BGP update messages cause a quagga bgpd to drop a session, possibly resulting in loss of network connectivity.

Details:

Long paths in update messages are segmented in BGP, and the bug is in the recalculation of the framing information if there are more than two segments. The resulting data is invalid but will be used for redistribution.

At least if the receiver is another quagga bgpd, that message is rejected, eventually resulting in a BGP session termination. The receiver's log (if written) contains an error message like
| BGP: 172.23.97.181: BGP type 2 length 3074 is too large, attribute total length is 2069. attr_endp is 0x562feb368121. endp is 0x562feb367d2c
then.

So if a site's BGP peers all run quagga, that site will lose network connectivity due to frequent session termination.
Additionally, the repeated initial full table transfer will result in a significantly bigger network load, I've seen around 1 MByte/sec/link, compared to usually less than 1 kbyte/sec/link.

Such extremely long AS paths have occurred in the global BGP table at least four times since June. Last time started on Oct 13th around 20:43 UTC and lasted until the following week.

All versions of quagga in Debian are affected.

How to fix:

Kudos to Andreas Jaggi who identified the bug and provided a fix[1]. After some hours of work I was able to reproduce the issue and can confirm this patch resolves the issues for all versions of quagga in Debian (wheezy, jessie, stretch = buster = sid). Details about the setup available upon request, it's just some stuff to write down.

In my opinion this is serious enough to justify a security upload. If stable security disagrees, please fix this in the next stable point release.

Regards,
Christoph

[1] https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html
    http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008
--- End Message ---

--- Begin Message ---
Source: quagga
Source-Version: 0.99.23.1-1+deb8u4

We believe that the bug you reported is fixed in the latest version of quagga, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 879...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso (supplier of updated quagga package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 30 Oct 2017 06:38:36 +0100
Source: quagga
Binary: quagga quagga-dbg quagga-doc
Architecture: all source
Version: 0.99.23.1-1+deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: Christian Hammers
Changed-By: Salvatore Bonaccorso
Closes: 879474
Description:
 quagga - BGP/OSPF/RIP routing daemon
 quagga-dbg - BGP/OSPF/RIP routing daemon (debug symbols)
 quagga-doc - documentation files for quagga
Changes:
 quagga (0.99.23.1-1+deb8u4) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * bgpd: Fix AS_PATH size calculation for long paths (CVE-2017-16227)
     (Closes: #879474)
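The receiver-side log symptom quoted in the Bug#879474 report can be watched for while unpatched bgpd instances are still deployed. The following is an added example, not part of the original messages or of quagga: it scans bgpd log lines for that error and counts AS_PATH (attribute type 2) overruns per address. The sample lines and their timestamp prefix are constructed, and reading the address as the neighbor that sent the update is an assumption.

```python
import re
from collections import defaultdict

# bgpd's complaint when an attribute's declared length overruns the
# attribute block, in the wording quoted in the bug report.
OVERRUN = re.compile(
    r"BGP: (?P<peer>\S+): BGP type (?P<type>\d+) length (?P<length>\d+) "
    r"is too large, attribute total length is (?P<total>\d+)"
)
AS_PATH = 2  # path attribute type code for AS_PATH (RFC 4271)

# Constructed sample: the error text of lines 1 and 3 is the one from the
# report; the timestamp prefix and all other lines are made up for the demo.
SAMPLE_LOG = """\
2017/10/13 20:43:11 BGP: 172.23.97.181: BGP type 2 length 3074 is too large, attribute total length is 2069. attr_endp is 0x562feb368121. endp is 0x562feb367d2c
2017/10/13 20:43:12 BGP: 192.0.2.7: unrelated constructed message
2017/10/13 20:44:40 BGP: 172.23.97.181: BGP type 2 length 3074 is too large, attribute total length is 2069. attr_endp is 0x562feb368121. endp is 0x562feb367d2c
2017/10/13 20:45:02 BGP: 198.51.100.9: BGP type 2 length 3100 is too large, attribute total length is 2100. attr_endp is 0x1. endp is 0x0
2017/10/13 20:45:30 BGP: 198.51.100.9: BGP type 14 length 900 is too large, attribute total length is 300. attr_endp is 0x1. endp is 0x0
"""

def find_overruns(lines):
    """Yield (peer, attr_type, declared_length, total_length) per matching line."""
    for line in lines:
        m = OVERRUN.search(line)
        if m:
            yield m["peer"], int(m["type"]), int(m["length"]), int(m["total"])

def as_path_overruns_by_peer(lines, min_events=1):
    """Summarise AS_PATH overruns per address (assumed: the sending neighbor)."""
    counts = defaultdict(int)
    worst = {}
    for peer, attr_type, length, total in find_overruns(lines):
        if attr_type != AS_PATH or length <= total:
            continue  # other attribute types are outside this symptom
        counts[peer] += 1
        worst[peer] = max(worst.get(peer, 0), length - total)
    return {p: {"events": n, "max_excess_bytes": worst[p]}
            for p, n in counts.items() if n >= min_events}

if __name__ == "__main__":
    for peer, info in as_path_overruns_by_peer(SAMPLE_LOG.splitlines()).items():
        print(peer, info)
```

Raising `min_events` limits the result to addresses that logged the error repeatedly, which matches the repeated session drops the report describes.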